CVE-2006-4927
First published: Tue Oct 10 2006(Updated: )
The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device drivers 20061.3.0.12 and later, as used in Symantec AntiVirus and security products, allow local users to gain privileges by overwriting critical system addresses using a crafted Irp to the IOCTL functions (1) 0x222AD3, (2) 0x222AD7, and (3) 0x222ADB.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Symantec Naveng Driver | ||
| Symantec Navex15 Driver |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.idefense.com/intelligence/vulnerabilities/display.php?id=417
- http://www.symantec.com/avcenter/security/Content/2006.10.05a.html
- http://www.securityfocus.com/bid/20360
- http://securitytracker.com/id?1016994
- http://securitytracker.com/id?1016995
- http://securitytracker.com/id?1016996
- http://securitytracker.com/id?1016997
- http://securitytracker.com/id?1016998
- http://securitytracker.com/id?1016999
- http://securitytracker.com/id?1017000
- http://securitytracker.com/id?1017001
- http://securitytracker.com/id?1017002
- http://secunia.com/advisories/22288
- http://www.kb.cert.org/vuls/id/946820
- http://securityreason.com/securityalert/1690
- http://www.vupen.com/english/advisories/2006/3928
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29360
- http://www.securityfocus.com/archive/1/447849/100/0/threaded
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-historical
- collector/nvd-index
- vendor/symantec
- canonical/symantec naveng driver
- canonical/symantec navex15 driver