CVE-2003-1309

CVE-2003-1309 affects the ZoneAlarm true vector device driver (VSDATANT) in ZoneAlarm prior to 3.7.211, Pro prior to 4.0.146.029, and Plus prior to 4.0.146.029. The issue enables local privilege elevation via the DeviceIoControl interface by exploiting signals (the so‑called “Device Driver Attack...

CVE-2003-1310

The CVE concerns Norton AntiVirus 2002 on Windows, specifically the DeviceIoControl path in the Norton Device Driver (NAVAP.sys). The vulnerability allows local privilege escalation by overwriting memory locations through certain IOCTL codes, enabling a non-privileged user to gain higher privileg...

CVE-2006-5721

The \Device\SandBox driver in Outpost Firewall PRO 4.0 964.582.059 allows local users to cause a denial of service system crash via an invalid argument to the DeviceIoControl function that triggers an invalid memory operation...

Symantec AntiVirus SAVRT.SYS驱动本地权限提升漏洞

Symantec AntiVirus是非常流行的杀毒解决方案。 Symantec AntiVirus的SAVRT.SYS驱动在处理输入缓冲区时存在漏洞，本地攻击者可能利用此漏洞提升权限或导致拒绝服务。 由于没有正确的验证输出缓冲区的地址空间，Symantec的SAVRT.SYS中的安全漏洞可能允许恶意用户使用DeviceIOControl的输出缓冲区覆盖内核地址。成功利用这个漏洞可能允许本地攻击者以提升的权限执行任意指令或导致系统崩溃。 Symantec Client Security = 2.0.3 Symantec Client Security 1.1 Symantec...

CVE-2006-3455

The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate Edition 8.1 and 9.0.x up to 9.0.3, and Symantec Client Security 1.1 and 2.0.x up to 2.0.3, allows local users to execute arbitrary code via a modified address for the output buffer argument to the DeviceIOControl function...

CVE-2005-3197

Stack-based buffer overflow in PWIWrapper.dll for Webroot Desktop Firewall before 1.3.0build52 allows local users to execute arbitrary code as SYSTEM by sending a crafted DeviceIoControl command, then removing an allowed program from the firewall list...

CVE-2005-3198

Webroot Desktop Firewall before 1.3.0build52 allows local users to disable the firewall, even when password protection is enabled, via certain DeviceIoControl commands...

CVE-2005-3197

Stack-based buffer overflow in PWIWrapper.dll for Webroot Desktop Firewall before 1.3.0build52 allows local users to execute arbitrary code as SYSTEM by sending a crafted DeviceIoControl command, then removing an allowed program from the firewall list...

Webroot Desktop Firewall buffer overflow

Buffer overflow on deleting application from the list of allowed programs. It's possible for non-privileged users to disable the firewall even when password protection has been enabled, by sending specific DeviceIoControl commands to the firewall driver...

[Full-disclosure] Secunia Research: Webroot Desktop Firewall Two Vulnerabilities

====================================================================== Secunia Research 06/10/2005 - Webroot Desktop Firewall Two Vulnerabilities - ====================================================================== Table of Contents Affected...

CVE-2005-2986

The v3flt2k.sys driver in AhnLab V3Pro 2004 Build 6.0.0.383, V3 VirusBlock 2005 Build 6.0.0.383, V3Net for Windows Server 6.0 Build 6.0.0.383 does not properly validate the source of the DeviceIoControl commands, which allows remote attackers to gain privileges...

CVE-2005-2986

The CVE-2005-2986 entry concerns the v3flt2k.sys driver in AhnLab V3Pro 2004 Build 6.0.0.383, V3 VirusBlock 2005 Build 6.0.0.383, and V3Net for Windows Server 6.0 Build 6.0.0.383. The vulnerability is that the driver does not properly validate the source of DeviceIoControl commands, enabling remo...

CVE-2005-2986

The v3flt2k.sys driver in AhnLab V3Pro 2004 Build 6.0.0.383, V3 VirusBlock 2005 Build 6.0.0.383, V3Net for Windows Server 6.0 Build 6.0.0.383 does not properly validate the source of the DeviceIoControl commands, which allows remote attackers to gain privileges...

Secunia Research: Ahnlab V3 Antivirus Multiple Vulnerabilities

====================================================================== Secunia Research 15/09/2005 - Ahnlab V3 Antivirus Multiple Vulnerabilities - ====================================================================== Table of Contents Affected...

CVE-2003-1310

The DeviceIoControl function in the Norton Device Driver NAVAP.sys in Symantec Norton AntiVirus 2002 allows local users to gain privileges by overwriting memory locations via certain control codes aka "Device Driver Attack"...