CVE-2016-9093

A version of the SymEvent Driver that shipped with Symantec Endpoint Protection 12.1 RU6 MP6 and earlier fails to properly sanitize logged-in user input. SEP 14.0 and later are not impacted by this issue. A non-admin user would need to be able to save an executable file to disk and then be able t...

CVE-2016-9093

A version of the SymEvent Driver that shipped with Symantec Endpoint Protection 12.1 RU6 MP6 and earlier fails to properly sanitize logged-in user input. SEP 14.0 and later are not impacted by this issue. A non-admin user would need to be able to save an executable file to disk and then be able t...

CVE-2016-9093

A version of the SymEvent Driver that shipped with Symantec Endpoint Protection 12.1 RU6 MP6 and earlier fails to properly sanitize logged-in user input. SEP 14.0 and later are not impacted by this issue. A non-admin user would need to be able to save an executable file to disk and then be able t...

Symantec Endpoint Protection Clients Local Elevation of Privilege, CSV Formula Injection

SUMMARY Symantec has released updates to address security issues reported in both Symantec Endpoint Protection 12.1 and Symantec Endpoint Protection 14.0 Windows clients. AFFECTED PRODUCTS Symantec Endpoint Protection SEP --- CVE | Affected Versions | Remediation CVE-2016-9093 CVE-2016-9094 | Pri...

Symantec Multiple Products SymEvent Driver Local Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20051/info Multiple Symantec products are prone to a local denial-of-service vulnerability. This issue occurs when attackers send malformed data to the 'SymEvent' driver. A local authenticated attacker may exploit this...

Symantec Norton Personal Firewall 2006 SymEvent驱动本地拒绝服务漏洞

Symantec Norton Personal Firewall是一款流行的个人桌面防火墙。 Symantec Norton Personal Firewall 2006包含的SymEvent驱动存在问题，本地攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 SymEvent不充分保护其他恶意应用程序对'\Device\SymEvent'的操作及对输入缓冲区验证存在问题，可导致可以打开这个驱动，发送任意数据给它，而驱动没有进行验证的就认为输入合法，可组合输入缓冲区中的数据执行非法内存操作，使系统崩溃。 Symantec Norton Personal Firewall 2006 9.1....

Design/Logic Flaw

The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.1.7, and possibly other products using symevent.sys 12.0.0.20, allows local users to cause a denial of service system crash via invalid data, as demonstrated by calling DeviceIoControl to send the data, a reintroduction of...

CVE-2007-1495

The CVEs concern Symantec Norton Personal Firewall 2006 (9.1.1.7) and related Norton products using symevent.sys 12.0.0.20/SYMTDI.SYS. Affected component: \Device\SymEvent and driver interface; root cause is sending crafted data to the driver (e.g., via DeviceIoControl) that leads to invalid memo...

Symantec Norton Personal Firewall / Norton Internet Security buffer overflow

DeviceSymEvent driver interface buffer overflow...

SymEvent Driver Local Access System Denial of Service

Hello, Today, we have accidentally discovered that the vulnerability, which is described here http://www.symantec.com/avcenter/security/Content/2006.09.20a.html and its third party identifications are BID: 20051 Secunia Advisory: SA21938 CVE: CVE-2006-4855 is active again in the today's update of...

Symantec Norton个人防火墙SymEvent驱动本地拒绝服务漏洞

Symantec Norton个人防火墙是非常流行的防火墙软件。 Symantec Norton个人防火墙的实现上存在漏洞，本地攻击者可能利用此漏洞对系统执行拒绝服务攻击。 Norton没有充分地保护 \Device\SymEvent 驱动，也没有验证其输入缓冲区，允许Everyone向这个驱动中写入数据，可能导致驱动执行无效的内存操作以及整个操作系统崩溃。 Symantec Norton Personal Firewall 2006 9.1.0.33 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本：...

Symantec: SymEvent Driver Local Access System Denial of Service

SUMMARY A local access denial of service DoS issue has been identified in the Symantec SymEvent driver used in Symantec consumer and corporate/enterprise products listed below. A local user with authorized access to the targeted system can initiate a DoS in the affected Symantec application...

CVE-2006-4855

The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1,...

Symantec Norton Insufficient validation of 'SymEvent' driver input buffer

Hello, I would like to inform you about a vulnerability in Norton Personal Firewall. Description: Norton insufficiently protects its driver 'DeviceSymEvent' against a manipulation by malicious applications and it fails to validate its input buffer. It is possible to open this driver and send...

Symantec (Multiple Products) - 'SymEvent' Driver Local Denial of Service

source: https://www.securityfocus.com/bid/20051/info Multiple Symantec products are prone to a local denial-of-service vulnerability. This issue occurs when attackers send malformed data to the 'SymEvent' driver. A local authenticated attacker may exploit this issue to crash affected computers,...

Symantec (Multiple Products) - SymEvent Driver Local Denial of Service

Symantec Multiple Products - SymEvent Driver Local Denial of Service source: https://www.securityfocus.com/bid/20051/info Multiple Symantec products are prone to a local denial-of-service vulnerability. This issue occurs when attackers send malformed data to the 'SymEvent' driver. A local...