Published: 02/04/2007 Updated: 16/10/2018

CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9

VMScore: 495

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateMutant and (2) NtOpenEvent functions. NOTE: it was later reported that Norton Internet Security 2008 15.0.0.60, and possibly other versions back to 2006, are also affected.

Vulnerable Product	Search on Vulmon	Subscribe to Product
symantec norton antispam 2004
symantec norton antispam 2005
symantec norton internet security 2006
symantec norton antivirus 2004
symantec norton antivirus 2005
symantec norton internet security 2008
symantec norton personal firewall 2004
symantec antivirus 10.0.1
symantec antivirus 10.0.2
symantec antivirus 10.0.9
symantec antivirus 10.0.2.1
symantec client security 3.0.1.1008
symantec client security 3.0.1.1009
symantec client security 3.0.2.2020
symantec client security 3.0.2.2021
symantec client security 3.1.401
symantec norton personal firewall 2006_9.1.1.7
symantec norton 360 1.0
symantec norton internet security 2004
symantec norton internet security 2005
symantec norton system works 2004
symantec norton system works 2005
symantec antivirus 10.0.5
symantec antivirus 10.0.6
symantec client security 3.0.0.359
symantec client security 3.0.1.1000
symantec client security 3.0.2.2001
symantec client security 3.0.2.2002
symantec client security 3.1.0.401
symantec client security 3.1.394
symantec norton internet security 2007
symantec norton system works 2006
symantec antivirus 10.0
symantec antivirus 10.0.7
symantec antivirus 10.0.8
symantec client security 3.0.1.1001
symantec client security 3.0.1.1007
symantec client security 3.0.2.2010
symantec client security 3.0.2.2011
symantec client security 3.1.396
symantec client security 3.1.400
symantec norton personal firewall 2006_9.1.0.33
symantec norton antivirus 2006
symantec norton antivirus 2007
symantec norton antivirus 2008
symantec norton personal firewall 2005
symantec norton personal firewall 2006
symantec antivirus 10.0.3
symantec antivirus 10.0.4
symantec antivirus 10.0.2.2
symantec antivirus 10.0.1.1
symantec client security 3.0
symantec client security 3.0.2
symantec client security 3.0.2.2000
symantec client security 3.1
symantec client security 3.1.0.396

source: wwwsecurityfocuscom/bid/23241/info Multiple Symantec products are prone to a local denial-of-service vulnerability This issue occurs when attackers supply invalid argument values to the 'SPBBCDrvsys' driver A local attacker may exploit this issue to crash affected computers, denying service to legitimate users /* Testing ...

CWE-20 http://www.matousec.com/info/advisories/Norton-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php http://secunia.com/advisories/24677 http://www.securityfocus.com/bid/23241 http://www.securitytracker.com/id?1017837 http://www.securitytracker.com/id?1017838 http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php http://osvdb.org/34692 http://www.securitytracker.com/id?1021388 http://www.securitytracker.com/id?1021389 http://securityresponse.symantec.com/avcenter/security/Content/2008.12.12.html http://www.securitytracker.com/id?1021386 http://www.securitytracker.com/id?1021387 http://www.vupen.com/english/advisories/2007/1192 https://exchange.xforce.ibmcloud.com/vulnerabilities/33352 http://www.securityfocus.com/archive/1/479830/100/0/threaded http://www.securityfocus.com/archive/1/464456/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/29810/

CVE-2007-1793

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect