Buffer overflow

The nvcoaft51 driver in Norman Virus Control NVC 5.82 uses weak permissions unrestricted write access for the NvcOa device, which allows local users to gain privileges by 1 triggering a buffer overflow in a kernel pool via a string argument to ioctl 0xBF67201C; or by 2 sending a crafted KEVENT...

Norman Virus Control nvcoaft51.sys ioctl BF672028 Exploit

No description provided by source. / Norman Virus Control nvcoaft51.sys ioctl BF672028 exploit Abstract nvcoaft51.sys driver receive as parameter in some ioctl's a pointer to a KEVENT struct, calling KeSetEvent without any prior check. The device created by the driver NvcOa can be opened by any...

norton-local.txt

/ Norman Virus Control nvcoaft51.sys ioctl BF672028 exploit Abstract nvcoaft51.sys driver receive as parameter in some ioctl's a pointer to a KEVENT struct, calling KeSetEvent without any prior check. The device created by the driver NvcOa can be opened by any user. As result, a user can send a...

Norman Virus Control - nvcoaft51.sys ioctl BF672028

Norman Virus Control - nvcoaft51.sys ioctl BF672028 / Norman Virus Control nvcoaft51.sys ioctl BF672028 exploit Abstract nvcoaft51.sys driver receive as parameter in some ioctl's a pointer to a KEVENT struct, calling KeSetEvent without any prior check. The device created by the driver NvcOa can b...

Norman Virus Control nvcoaft51.sys ioctl BF672028 Exploit

Exploit for unknown platform in category local exploits ========================================================= Norman Virus Control nvcoaft51.sys ioctl BF672028 Exploit ========================================================= / Norman Virus Control nvcoaft51.sys ioctl BF672028 exploit Abstrac...

Norman Virus Control - 'nvcoaft51.sys' ioctl BF672028

/ Norman Virus Control nvcoaft51.sys ioctl BF672028 exploit Abstract nvcoaft51.sys driver receive as parameter in some ioctl's a pointer to a KEVENT struct, calling KeSetEvent without any prior check. The device created by the driver NvcOa can be opened by any user. As result, a user can send a...

CVE-2007-4591

vstor-ws60.sys in VMWare Workstation 6.0 allows local users to cause a denial of service host operating system crash and possibly gain privileges by sending a small file buffer size value to the FsSetVolumeInformation IOCTL handler with an FsSetFileInformation subcode...

Buffer overflow

Buffer underflow in redlight.sys in BufferZone 2.1 and 2.5 allows local users to cause a denial of service crash and possibly execute arbitrary code by sending a small buffer size value to the FsSetVolumeInformation IOCTL handler code with a FsSetDirectoryInformation subcode containing a large...

BufferZone buffer overflow

Buffer overflow on FsSetVolumeInformation IOCTL...

Sun Solaris ATA 磁盘驱动IOCTL本地拒绝服务漏洞

Solaris是一款由Sun开发和维护的商业性质UNIX操作系统。 ata7D磁盘驱动的某些ioctl2函数中的安全漏洞可能允许本地非特权用户导致系统忙碌，造成拒绝服务的情况。 如果出现了上述漏洞，系统会变得忙碌，生成类似于以下的栈追踪： 32位i386系统： atadiskioctl+0x16f dadkioctl+0x1d7 cmdkioctl+0x361 cdevioctl+0x2b specioctl+0x62 fopioctl+0x24 ioctl+0x199 syssysenter+0x101 64位i386系统： atadiskioctl+0x14c...

Code injection

Unspecified vulnerability in the ata disk driver in Sun Solaris 10 on the x86 platform before 20070821 allows local users to cause a denial of service system panic via an unspecified ioctl function, aka Bug 6433124...

CVE-2007-4495

Unspecified vulnerability in the ata disk driver in Sun Solaris 10 on the x86 platform before 20070821 allows local users to cause a denial of service system panic via an unspecified ioctl function, aka Bug 6433124...

Code injection

Multiple unspecified vulnerabilities in the ata disk driver in Sun Solaris 8, 9, and 10 on the x86 platform before 20070821 allow local users to cause a denial of service system panic via unspecified ioctl functions, aka Bug 6433123...

CVE-2007-4492

Multiple unspecified vulnerabilities in the ata disk driver in Sun Solaris 8, 9, and 10 on the x86 platform before 20070821 allow local users to cause a denial of service system panic via unspecified ioctl functions, aka Bug 6433123...

CVE-2007-4492

CVE-2007-4492 describes multiple unspecified vulnerabilities in the Sun Solaris ata disk driver on x86 (Solaris 8/9/10) that can cause a local denial of service via unspecified ioctl calls. Connected documents reference Solaris updates for the ata driver (e.g., 117122-03 and 109798-04) as remedia...

Memory corruption

vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before 7.0.362 allows local users to gain privileges via a crafted Interrupt Request Packet Irp in a METHODNEITHER 1 IOCTL 0x8400000F or 2 IOCTL 0x84000013 request, which can be used to overwrite arbitrary memory locations...

CVE-2007-4216

vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before 7.0.362 allows local users to gain privileges via a crafted Interrupt Request Packet Irp in a METHODNEITHER 1 IOCTL 0x8400000F or 2 IOCTL 0x84000013 request, which can be used to overwrite arbitrary memory locations...

ZoneAlarm产品多个本地权限提升漏洞

BUGTRAQ ID: 25365 CVECAN ID: CVE-2007-4216,CVE-2005-2932 ZoneAlarm是一款个人电脑防火墙，能保护个人数据和隐私安全。 ZoneAlarm的实现和安装上存在多个安全漏洞，本地攻击者可能利用此漏洞提升自己的权限。 ZoneAlarm产品vsdatant.sys设备驱动的IOCTL处理代码没有验证传送给IOCTL 0x8400000F和IOCTL...

iDefense Security Advisory 08.20.07: Check Point Zone Labs VSDATANT Multiple IOCTL Privilege Escalation Vulnerabilities

Check Point Zone Labs VSDATANT Multiple IOCTL Privilege Escalation Vulnerabilities iDefense Security Advisory 08.20.07 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 20, 2007 I. BACKGROUND Zone Alarm products provide security solutions such as anti-virus, firewall, spy-ware, and ad-wa...

CVE-2007-4308

CVE-2007-4308 affects the Linux kernel’s SCSI aacraid driver, specifically the functions aac_cfg_open and aac_compat_ioctl . The advisory reports that these ioctl handlers did not perform permission checks, enabling a local user to cause a denial of service or potentially gain privileges. Affecte...