SymEvent Driver Local Access System Denial of Service

2007.03.21

Credit: Matousec - Transparent security Research

Risk: Medium

Local: Yes

Remote: Yes

CVE: CVE-2007-1495

CWE: CWE-Other

CVSS Base Score: 4.9/10

Impact Subscore: 6.9/10

Exploitability Subscore: 3.9/10

Exploit range: Local

Attack complexity: Low

Authentication: No required

Confidentiality impact: None

Integrity impact: None

Availability impact: Complete

Hello,
Today, we have accidentally discovered that the vulnerability, which is described here
http://www.symantec.com/avcenter/security/Content/2006.09.20a.html
and its third party identifications are
BID: 20051
Secunia Advisory: SA21938
CVE: CVE-2006-4855
is active again in the today's update of Norton Personal Firewall 2006 version 9.1.1.7.
Probably, some changes have been made in the SymEvent driver since it was fixed
that causes that the driver is vulnerable again.
The version of symevent.sys on the testing system is 12.0.0.20.
Kind Regards,
--
Matousec - Transparent security Research
http://www.matousec.com/

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

SymEvent Driver Local Access System Denial of Service

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.