Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
1.9
CVSSv2

CVE-2007-1476

Published: 16/03/2007 Updated: 16/10/2018
CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4
VMScore: 195
Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Norton Antispam

Vulnerability Summary

The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal Firewall 2006 9.1.1.7 and previous versions, Internet Security 2005 and 2006, AntiVirus Corporate Edition 3.0.x up to and including 10.1.x, and other Norton products, allows local users to cause a denial of service (system crash) by sending crafted data to the driver's \Device file, which triggers invalid memory access, a different vulnerability than CVE-2006-4855.

Vulnerable Product Search on Vulmon Subscribe to Product

symantec norton antispam 2005

symantec norton antivirus 2006

symantec norton antivirus 10.0.1.1007

symantec norton antivirus 10.0.1.1008

symantec norton antivirus 10.0.2.2021

symantec norton antivirus 10.0

symantec norton antivirus 3.0

symantec norton antivirus 9.0.0.338

symantec norton antivirus 9.0.4

symantec norton antivirus 9.0.5.1100

symantec client security 2.0.2

symantec client security 2.0.2_build_9.0.2.1000

symantec client security 2.0.6

symantec client security 3.0

symantec client security 3.0.0.359

symantec client security 3.0.2.2000

symantec client security 3.0.2.2001

symantec client security 3.0.2.2002

symantec norton personal firewall

symantec norton personal firewall 2005

symantec norton system works 2006

symantec norton antivirus 10.0.2.2002

symantec norton antivirus 10.0.2.2010

symantec norton antivirus 10.1.4.4010

symantec norton antivirus 10.1.4

symantec norton antivirus 10.1.400

symantec norton antivirus 9.0.1

symantec norton antivirus 9.0.2.1000

symantec norton antivirus 9.0

symantec client security 2.0

symantec client security 2.0.4

symantec client security 2.0.5

symantec client security 2.0_scf_7.1

symantec client security 3.0.1.1007

symantec client security 3.0.1.1008

symantec client security 3.0.2.2020

symantec client security 3.0.2.2021

symantec client security 3.1.401

symantec norton antivirus 2005

symantec norton personal firewall 2006

symantec norton antivirus 10.0.2.2000

symantec norton antivirus 10.0.2.2001

symantec norton antivirus 10.1.394

symantec norton antivirus 10.1.396

symantec norton antivirus 9.0.1.1.1000

symantec norton antivirus 9.0.1.1000

symantec norton antivirus 9.0.5

symantec norton antivirus 9.0.6.1000

symantec client security 3.1.0.401

symantec client security 3.1.394

symantec client security 2.0.3

symantec client security 2.0.3_build_9.0.3.1000

symantec client security 3.0.1.1000

symantec client security 3.0.1.1001

symantec client security 3.0.2.2010

symantec client security 3.0.2.2011

symantec client security 3.1.396

symantec client security 3.1.400

symantec norton personal firewall 2006_9.1.0.33

symantec norton internet security 2005

symantec norton internet security 2006

symantec norton system works 2005

symantec norton antivirus 10.0.1.1000

symantec norton antivirus 10.0.2.2011

symantec norton antivirus 10.0.2.2020

symantec norton antivirus 10.1.401

symantec norton antivirus 10.1

symantec norton antivirus 9.0.2

symantec norton antivirus 9.0.3.1000

symantec client security 2.0.1

symantec client security 2.0.1_build_9.0.1.1000

symantec client security 2.0.5_build_1100

symantec client security 2.0.5_build_1100_mp1

symantec client security 2.0_stm_build_9.0.0.338

symantec client security 2.1

symantec client security 3.0.1.1009

symantec client security 3.0.2

symantec client security 3.1

symantec client security 3.1.0.396

Exploits

Exploit DB: Symantec 'SYMTDI.SYS' Device Driver - Local Denial of Service
source: wwwsecurityfocuscom/bid/22977/info Symantec 'SYMTDISYS' device driver is prone to a local denial-of-service vulnerability A local authenticated attacker may exploit this issue to crash affected computers, denying service to legitimate users This issue is similar to the one described in BID 22961 Symantec is currently investi ...

References

CWE-20http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymTDI-driver-input-buffer.phphttp://www.securityfocus.com/bid/22977http://marc.info/?l=full-disclosure&m=117396596027148&w=2http://www.symantec.com/avcenter/security/Content/2007.09.05.htmlhttp://securitytracker.com/id?1018656http://securityreason.com/securityalert/2438http://osvdb.org/35088https://exchange.xforce.ibmcloud.com/vulnerabilities/33003http://www.securityfocus.com/archive/1/462926/100/0/threadedhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/29743/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654CVE-2024-2757authentication bypassCVE-2024-3194CVE-2024-33640CVE-2024-21111dosinsecure direct object referenceCVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook