Lucene search

[email protected]CVE-2007-1476

HistoryMar 16, 2007 - 9:19 p.m.

CVE-2007-1476

2007-03-1621:19:00

CWE-20

[email protected]

web.nvd.nist.gov

symantec

norton

symtdi driver

cve-2007-1476

denial of service

nvd

6.3 Medium

AI Score

Confidence

High

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

9.2%

JSON

The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal Firewall 2006 9.1.1.7 and earlier, Internet Security 2005 and 2006, AntiVirus Corporate Edition 3.0.x through 10.1.x, and other Norton products, allows local users to cause a denial of service (system crash) by sending crafted data to the driver’s \Device file, which triggers invalid memory access, a different vulnerability than CVE-2006-4855.

CPENameOperatorVersion
symantec:norton_antivirussymantec norton antiviruseq10.1
symantec:client_securitysymantec client securityeq3.0
symantec:client_securitysymantec client securityeq3.0.1.1009
symantec:norton_antivirussymantec norton antiviruseq9.0.2.1000
symantec:norton_antivirussymantec norton antiviruseq9.0.3.1000
symantec:client_securitysymantec client securityeq2.0.6
symantec:norton_system_workssymantec norton system workseq2005
symantec:client_securitysymantec client securityeq3.0.2.2020
symantec:client_securitysymantec client securityeq2.1
symantec:norton_antivirussymantec norton antiviruseq10.1.400

CPE	Name	Operator	Version
symantec:norton_antivirus	symantec norton antivirus	eq	10.1
symantec:client_security	symantec client security	eq	3.0
symantec:client_security	symantec client security	eq	3.0.1.1009
symantec:norton_antivirus	symantec norton antivirus	eq	9.0.2.1000
symantec:norton_antivirus	symantec norton antivirus	eq	9.0.3.1000
symantec:client_security	symantec client security	eq	2.0.6
symantec:norton_system_works	symantec norton system works	eq	2005
symantec:client_security	symantec client security	eq	3.0.2.2020
symantec:client_security	symantec client security	eq	2.1
symantec:norton_antivirus	symantec norton antivirus	eq	10.1.400

Rows per page:

1-10 of 791

References

marc.info/?l=full-disclosure&m=117396596027148&w=2

osvdb.org/35088

securityreason.com/securityalert/2438

securitytracker.com/id?1018656

www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymTDI-driver-input-buffer.php

www.securityfocus.com/archive/1/462926/100/0/threaded

www.securityfocus.com/bid/22977

www.symantec.com/avcenter/security/Content/2007.09.05.html

exchange.xforce.ibmcloud.com/vulnerabilities/33003

6.3 Medium

AI Score

Confidence

High

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for CVE-2007-1476

prion2 securityvulns3 symantec1 cve2