122 matches found
Buffer overflow
The nvcoaft51 driver in Norman Virus Control NVC 5.82 uses weak permissions unrestricted write access for the NvcOa device, which allows local users to gain privileges by 1 triggering a buffer overflow in a kernel pool via a string argument to ioctl 0xBF67201C; or by 2 sending a crafted KEVENT...
Microsoft SRV.SYS Mailslot Write Corruption
This module triggers a kernel pool corruption bug in SRV.SYS. Each call to the mailslot write function results in a two byte return value being written into the response packet. The code which creates this packet fails to consider these two bytes in the allocation routine, resulting in a slow...