|
|
|
|
| |
Credit:
The information has been provided by Symantec.
The original article can be found at: http://www.symantec.com/avcenter/security/Content/2006.10.23.html
|
| |
Affected Products:
* Symantec AntiVirus Corporate Edition version 8.1
* Symantec AntiVirus Corporate Edition version 9.0.3 and earlier
* Symantec Client Security version 1.1
* Symantec Client Security version 2.0.3 and earlier
Unaffected Products:
* Symantec AntiVirus Corporate Edition version 8.1.1 MR9
* Symantec AntiVirus Corporate Edition version 9.0.4 and later
* Symantec AntiVirus Corporate Edition version 10.x
* Symantec Client Security version 3.x
* Norton AntiVirus 2005 and later
* Norton Internet Security 2005 and later
* Norton System Works 2005 and later
Boon Seng Lim notified Symantec of a vulnerability in SAVRT.SYS which could allow a malicious user to use the output buffer of DeviceIOControl()to overwrite kernel addresses because the address space of the output buffer was not properly validated. A successful exploit could potentially allow a local attacker to execute code of their choice with elevated privileges, or to crash the system.
Symantec Response:
Symantec engineers verified that this issue exists in the affted products list above, and have released updates for currently supported affected products.
Symantec is not aware of any customers impacted by this issue, or of any attempts to exploit the issue.
Any future updates to this adivsory will be posted in the Symantec Advisory:
http://www.symantec.com/avcenter/security/Content/2006.10.23.html
CVE Information:
CVE-2006-3455
|
|
|
|
|
