Published: 31/08/2007 Updated: 15/10/2018

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

VMScore: 725

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

The nvcoaft51 driver in Norman Virus Control (NVC) 5.82 uses weak permissions (unrestricted write access) for the NvcOa device, which allows local users to gain privileges by (1) triggering a buffer overflow in a kernel pool via a string argument to ioctl 0xBF67201C; or by (2) sending a crafted KEVENT structure through ioctl 0xBF672028 to overwrite arbitrary memory locations.

Vulnerable Product	Search on Vulmon	Subscribe to Product
norman norman virus control 5.82

/* Norman Virus Control nvcoaft51sys ioctl BF672028 exploit Abstract nvcoaft51sys driver receive as parameter in some ioctl's a pointer to a KEVENT struct, calling KeSetEvent without any prior check The device created by the driver (NvcOa) can be opened by any user As result, a user can send a IOCTL with a fake KEVENT str ...

CWE-119 http://www.48bits.com/exploits/nvc.rar http://www.securityfocus.com/bid/25499 http://www.securitytracker.com/id?1018636 http://securityreason.com/securityalert/3087 https://exchange.xforce.ibmcloud.com/vulnerabilities/36373 http://www.securityfocus.com/archive/1/478224/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/4345/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-4648

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect