Lucene search

[email protected]NVD:CVE-2007-1476

HistoryMar 16, 2007 - 9:19 p.m.

CVE-2007-1476

2007-03-1621:19:00

CWE-20

[email protected]

web.nvd.nist.gov

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:N/A:P

5.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.7%

JSON

The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal Firewall 2006 9.1.1.7 and earlier, Internet Security 2005 and 2006, AntiVirus Corporate Edition 3.0.x through 10.1.x, and other Norton products, allows local users to cause a denial of service (system crash) by sending crafted data to the driver’s \Device file, which triggers invalid memory access, a different vulnerability than CVE-2006-4855.

Affected configurations

NVD

Node

symantecclient_securityMatch2.0

symantecclient_securityMatch2.0scf_7.1

symantecclient_securityMatch2.0build_9.0.0.338

symantecclient_securityMatch2.0build_9.0.0.338stm

symantecclient_securityMatch2.0.1

symantecclient_securityMatch2.0.1_build_9.0.1.1000mr1

symantecclient_securityMatch2.0.2

symantecclient_securityMatch2.0.2_build_9.0.2.1000mr2

symantecclient_securityMatch2.0.3

symantecclient_securityMatch2.0.3_build_9.0.3.1000mr3

symantecclient_securityMatch2.0.4

symantecclient_securityMatch2.0.4mr4_build1000

symantecclient_securityMatch2.0.5

symantecclient_securityMatch2.0.5_build_1100

symantecclient_securityMatch2.0.5_build_1100_mp1mr5

symantecclient_securityMatch2.0.6

symantecclient_securityMatch2.0.6mr6

symantecclient_securityMatch2.0_scf_7.1

symantecclient_securityMatch2.0_stm_build_9.0.0.338

symantecclient_securityMatch2.1

symantecclient_securityMatch3.0

symantecclient_securityMatch3.0.0.359

symantecclient_securityMatch3.0.1.1000

symantecclient_securityMatch3.0.1.1001

symantecclient_securityMatch3.0.1.1007

symantecclient_securityMatch3.0.1.1008

symantecclient_securityMatch3.0.1.1009

symantecclient_securityMatch3.0.2

symantecclient_securityMatch3.0.2.2000

symantecclient_securityMatch3.0.2.2001

symantecclient_securityMatch3.0.2.2002

symantecclient_securityMatch3.0.2.2010

symantecclient_securityMatch3.0.2.2011

symantecclient_securityMatch3.0.2.2020

symantecclient_securityMatch3.0.2.2021

symantecclient_securityMatch3.1

symantecclient_securityMatch3.1.0.396

symantecclient_securityMatch3.1.0.401

symantecclient_securityMatch3.1.394

symantecclient_securityMatch3.1.396

symantecclient_securityMatch3.1.400

symantecclient_securityMatch3.1.401

symantecnorton_antispamMatch2005

symantecnorton_antivirusMatch3.0corporate

symantecnorton_antivirusMatch9.0corporate

symantecnorton_antivirusMatch9.0.0.338corporate

symantecnorton_antivirusMatch9.0.1corporate

symantecnorton_antivirusMatch9.0.1.1.1000corporate

symantecnorton_antivirusMatch9.0.1.1000corporate

symantecnorton_antivirusMatch9.0.2corporate

symantecnorton_antivirusMatch9.0.2.1000corporate

symantecnorton_antivirusMatch9.0.3.1000corporate

symantecnorton_antivirusMatch9.0.4corporate

symantecnorton_antivirusMatch9.0.5corporate

symantecnorton_antivirusMatch9.0.5.1100corporate

symantecnorton_antivirusMatch9.0.6.1000corporate

symantecnorton_antivirusMatch10.0corporate

symantecnorton_antivirusMatch10.0.1.1000corporate

symantecnorton_antivirusMatch10.0.1.1007corporate

symantecnorton_antivirusMatch10.0.1.1008corporate

symantecnorton_antivirusMatch10.0.2.2000corporate

symantecnorton_antivirusMatch10.0.2.2001corporate

symantecnorton_antivirusMatch10.0.2.2002corporate

symantecnorton_antivirusMatch10.0.2.2010corporate

symantecnorton_antivirusMatch10.0.2.2011corporate

symantecnorton_antivirusMatch10.0.2.2020corporate

symantecnorton_antivirusMatch10.0.2.2021corporate

symantecnorton_antivirusMatch10.1corporate

symantecnorton_antivirusMatch10.1.4corporate

symantecnorton_antivirusMatch10.1.4.4010corporate

symantecnorton_antivirusMatch10.1.394corporate

symantecnorton_antivirusMatch10.1.396corporate

symantecnorton_antivirusMatch10.1.400corporate

symantecnorton_antivirusMatch10.1.401corporate

symantecnorton_antivirusMatch2005

symantecnorton_antivirusMatch2006

symantecnorton_internet_securityMatch2005

symantecnorton_internet_securityMatch2006

symantecnorton_personal_firewallRange≤2006_9.1.1.7

symantecnorton_personal_firewallMatch2005

symantecnorton_personal_firewallMatch2006

symantecnorton_personal_firewallMatch2006_9.1.0.33

symantecnorton_system_worksMatch2005

symantecnorton_system_worksMatch2006

References

marc.info/?l=full-disclosure&m=117396596027148&w=2

osvdb.org/35088

securityreason.com/securityalert/2438

securitytracker.com/id?1018656

www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymTDI-driver-input-buffer.php

www.securityfocus.com/archive/1/462926/100/0/threaded

www.securityfocus.com/bid/22977

www.symantec.com/avcenter/security/Content/2007.09.05.html

exchange.xforce.ibmcloud.com/vulnerabilities/33003

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:N/A:P

5.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.7%

JSON

Related for NVD:CVE-2007-1476

prion2 cvelist3 cve3 securityvulns3 nvd2 symantec1