Back to search
CVE-2006-4927
Published: Oct 5, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device drivers 20061.3.0.12 and later, as used in Symantec AntiVirus and security products, allow local users to gain privileges by overwriting critical system addresses using a crafted Irp to the IOCTL functions (1) 0x222AD3, (2) 0x222AD7, and (3) 0x222ADB.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
1016996
vdb-entry
x_refsource_SECTRACK
20061005 [Reversemode Advisory] Symantec Antivirus Engine Privilege Escalation
mailing-list
x_refsource_BUGTRAQ
1017001
vdb-entry
x_refsource_SECTRACK
http://www.symantec.com/avcenter/security/Content/2006.10.05a.html
x_refsource_CONFIRM
1017000
vdb-entry
x_refsource_SECTRACK
1016997
vdb-entry
x_refsource_SECTRACK
1016995
vdb-entry
x_refsource_SECTRACK
ADV-2006-3928
vdb-entry
x_refsource_VUPEN
1016998
vdb-entry
x_refsource_SECTRACK
20061005 Symantec AntiVirus IOCTL Kernel Privilege Escalation Vulnerability
third-party-advisory
x_refsource_IDEFENSE
1016994
vdb-entry
x_refsource_SECTRACK
22288
third-party-advisory
x_refsource_SECUNIA
20360
vdb-entry
x_refsource_BID
1016999
vdb-entry
x_refsource_SECTRACK
1017002
vdb-entry
x_refsource_SECTRACK
1690
third-party-advisory
x_refsource_SREASON
symantec-ioctl-privilege-escalation(29360)
vdb-entry
x_refsource_XF
VU#946820
third-party-advisory
x_refsource_CERT-VN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now