CastleCops, Internet Crime Fighters
Vulnerabilities: Symantec Norton AntiVirus Device Driver Privilege Escalation
Symantec
Symantec Norton AntiVirus Device Driver Privilege Escalation

Release Date: 2003-08-06
Critical: Less critical
Impact: Privilege escalation, DoS
Where: Local system
Software: Norton AntiVirus 2002

Description:
A vulnerability has been reported in Symantec Norton AntiVirus, which can be exploited by malicious, local users to escalate their privileges on a vulnerable system or cause it to crash.

The vulnerability is caused by an error in the Norton AntiVirus Device Driver (NAVAP.sys). This can be exploited by sending two specially crafted control codes using the DeviceIoControl() function, which request the device driver to perform certain operations.

The first control code supplies specially crafted input to the requested operation via lpInBuffer; the operation then returns output to the memory location specified by lpOutBuffer. The memory contents at this location can then be changed to include arbitrary shellcode. Afterwards, the second control code can manipulate the driver's return address, making it jump to the memory location previously specified by lpOutBuffer.

Successful exploitation either crashes the system or allows execution of arbitrary code with Kernel Mode (Ring 0) privileges.

The vulnerability has been reported in version 2002. However, other versions are possibly also affected.
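
The advisory does not state the root cause, so the following added example (not code from the advisory or from Symantec's driver) assumes the common flaw class behind such reports: a driver writing output through a caller-supplied pointer without validating it. It models, in portable C, the length and range checks an IOCTL handler needs before touching lpOutBuffer; the struct, function names, 32-bit user-space limit and sample control codes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* CTL_CODE layout: DeviceType[31:16] Access[15:14] Function[13:2] Method[1:0] */
#define IOCTL_METHOD(code) ((code) & 0x3u)
#define XFER_NEITHER       3u           /* METHOD_NEITHER: raw caller pointers */
#define USER_PROBE_LIMIT   0x7FFF0000u  /* assumed 32-bit user-space ceiling */

enum verdict { ALLOW, REJECT_NULL, REJECT_WRAP, REJECT_KERNEL_RANGE, REJECT_TOO_SMALL };

/* Hypothetical request record: control code plus the caller's output buffer. */
struct ioctl_req { uint32_t code, out_addr, out_len, needed; };

/* Range check a driver must pass before writing to a caller-supplied pointer. */
enum verdict probe_for_write(uint32_t addr, uint32_t len)
{
    if (addr == 0 || len == 0)
        return REJECT_NULL;
    if ((uint32_t)(addr + len) < addr)      /* address arithmetic wrapped */
        return REJECT_WRAP;
    if (addr + len > USER_PROBE_LIMIT)      /* range reaches kernel space */
        return REJECT_KERNEL_RANGE;
    return ALLOW;
}

enum verdict check_request(const struct ioctl_req *r)
{
    if (r->out_len < r->needed)             /* output would overrun buffer */
        return REJECT_TOO_SMALL;
    if (IOCTL_METHOD(r->code) == XFER_NEITHER)
        return probe_for_write(r->out_addr, r->out_len);
    return ALLOW;   /* buffered/direct I/O: the I/O manager supplies the buffer */
}

int main(void)
{
    /* Constructed sample requests; none are taken from the advisory. */
    const struct ioctl_req samples[] = {
        { 0x222003u, 0x00400000u, 16, 16 },  /* user-space buffer */
        { 0x222003u, 0x80001000u, 16, 16 },  /* kernel-space address */
        { 0x222003u, 0xFFFFFFF8u, 16, 16 },  /* wraps past 4 GiB */
        { 0x222003u, 0x00400000u,  4, 16 },  /* buffer too small */
        { 0x222000u, 0x80001000u, 16, 16 },  /* METHOD_BUFFERED code */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("request %zu -> verdict %d\n", i, (int)check_request(&samples[i]));
    return 0;
}
```

In a real Windows driver the equivalent of probe_for_write is the kernel's ProbeForWrite routine, called inside a structured exception handler before any access to the user buffer.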


Solution:
Grant only trusted users access to affected systems.


Reported by / credits:
Lord YuP


Original Advisory: Sec-Lab
Posted on Thursday, 07 August 2003 @ 08:30:00 UTC by phoenix22 (7310 reads)