SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateMutant and (2) NtOpenEvent functions. NOTE: it was later reported that Norton Internet Security 2008 15.0.0.60, and possibly other versions back to 2006, are also affected.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2007-04-02 22:19
Updated : 2024-02-28 11:01
NVD link : CVE-2007-1793
Mitre link : CVE-2007-1793
CVE.ORG link : CVE-2007-1793
JSON object : View
Products Affected
symantec
- norton_antivirus
- norton_internet_security
- norton_personal_firewall
- norton_antispam
- norton_system_works
- norton_360
- client_security
- antivirus
CWE
CWE-20
Improper Input Validation