CVE-2006-4855

Description

The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data.

Affected products

• Symantec / client_security1.0 – 1.0
• Symantec / client_security1.0.0_b8.01.9378 – 1.0.0_b8.01.9378
• Symantec / client_security1.0.1 – 1.0.1
• Symantec / client_security1.0.1_build_8.01.425a – 1.0.1_build_8.01.425a
• Symantec / client_security1.0.1_build_8.01.429c – 1.0.1_build_8.01.429c
• Symantec / client_security1.0.1_build_8.01.434 – 1.0.1_build_8.01.434
• Symantec / client_security1.0.1_build_8.01.437 – 1.0.1_build_8.01.437
• Symantec / client_security1.0.1_build_8.01.446 – 1.0.1_build_8.01.446
• Symantec / client_security1.0.1_build_8.01.457 – 1.0.1_build_8.01.457
• Symantec / client_security1.0.1_build_8.01.460 – 1.0.1_build_8.01.460
• Symantec / client_security1.0.1_build_8.01.464 – 1.0.1_build_8.01.464
• Symantec / client_security1.0.1_build_8.01.471 – 1.0.1_build_8.01.471
• Symantec / client_security1.0.1_build_8.01.501 – 1.0.1_build_8.01.501
• Symantec / client_security1.0_build_8.01.9374 – 1.0_build_8.01.9374
• Symantec / client_security1.1 – 1.1
• Symantec / client_security1.1.1 – 1.1.1
• Symantec / client_security1.1.1_build_393 – 1.1.1_build_393
• Symantec / client_security1.1.1_mr1_build_8.1.1.314a – 1.1.1_mr1_build_8.1.1.314a
• Symantec / client_security1.1.1_mr2_build_8.1.1.319 – 1.1.1_mr2_build_8.1.1.319
• Symantec / client_security1.1.1_mr3_build_8.1.1.323 – 1.1.1_mr3_build_8.1.1.323
• Symantec / client_security1.1.1_mr4_build_8.1.1.329 – 1.1.1_mr4_build_8.1.1.329
• Symantec / client_security1.1.1_mr5_build_8.1.1.336 – 1.1.1_mr5_build_8.1.1.336
• Symantec / client_security1.1.1_mr6_b8.1.1.266 – 1.1.1_mr6_b8.1.1.266
• Symantec / client_security1.1_stm_b8.1.0.825a – 1.1_stm_b8.1.0.825a
• Symantec / client_security2.0 – 2.0
• Symantec / client_security2.0.1_build_9.0.1.1000 – 2.0.1_build_9.0.1.1000
• Symantec / client_security2.0.2_build_9.0.2.1000 – 2.0.2_build_9.0.2.1000
• Symantec / client_security2.0.3_build_9.0.3.1000 – 2.0.3_build_9.0.3.1000
• Symantec / client_security2.0.5_build_1100 – 2.0.5_build_1100
• Symantec / client_security2.0_scf_7.1 – 2.0_scf_7.1
• Symantec / client_security2.0_stm_build_9.0.0.338 – 2.0_stm_build_9.0.0.338
• Symantec / client_security3.0 – 3.0
• Symantec / client_security3.1 – 3.1
• Symantec / host_ids
• Symantec / norton_antivirus2.1 – 2.1
• Symantec / norton_antivirus8.0 – 8.0
• Symantec / norton_antivirus8.0.1 – 8.0.1
• Symantec / norton_antivirus8.0.1.425a – 8.0.1.425a
• Symantec / norton_antivirus8.0.1.425c – 8.0.1.425c
• Symantec / norton_antivirus8.0.1.501 – 8.0.1.501
• Symantec / norton_antivirus8.0.1.9374 – 8.0.1.9374
• Symantec / norton_antivirus8.0.1.9378 – 8.0.1.9378
• Symantec / norton_antivirus8.1 – 8.1
• Symantec / norton_antivirus8.1.0.825a – 8.1.0.825a
• Symantec / norton_antivirus8.1.1 – 8.1.1
• Symantec / norton_antivirus8.1.1.319 – 8.1.1.319
• Symantec / norton_antivirus8.1.1.323 – 8.1.1.323
• Symantec / norton_antivirus8.1.1.329 – 8.1.1.329
• Symantec / norton_antivirus8.1.1.366 – 8.1.1.366
• Symantec / norton_antivirus8.1.1.377 – 8.1.1.377
• Symantec / norton_antivirus8.1.1_build8.1.1.314a – 8.1.1_build8.1.1.314a
• Symantec / norton_antivirus8.1.1_build393 – 8.1.1_build393
• Symantec / norton_antivirus8.01.434 – 8.01.434
• Symantec / norton_antivirus8.01.437 – 8.01.437
• Symantec / norton_antivirus8.01.446 – 8.01.446
• Symantec / norton_antivirus8.01.457 – 8.01.457
• Symantec / norton_antivirus8.01.460 – 8.01.460
• Symantec / norton_antivirus8.01.464 – 8.01.464
• Symantec / norton_antivirus8.01.471 – 8.01.471
• Symantec / norton_antivirus9.0 – 9.0
• Symantec / norton_antivirus9.0.0.338 – 9.0.0.338
• Symantec / norton_antivirus9.0.1.1.1000 – 9.0.1.1.1000
• Symantec / norton_antivirus9.0.2.1000 – 9.0.2.1000
• Symantec / norton_antivirus9.0.3.1000 – 9.0.3.1000
• Symantec / norton_antivirus9.0.4 – 9.0.4
• Symantec / norton_antivirus9.0.5 – 9.0.5
• Symantec / norton_antivirus9.0.5.1100 – 9.0.5.1100
• Symantec / norton_antivirus10.0 – 10.0
• Symantec / norton_antivirus10.0.2.2000 – 10.0.2.2000
• Symantec / norton_antivirus10.0.2.2001 – 10.0.2.2001
• Symantec / norton_antivirus10.0.2.2002 – 10.0.2.2002
• Symantec / norton_antivirus10.0.2.2010 – 10.0.2.2010
• Symantec / norton_antivirus10.0.2.2011 – 10.0.2.2011
• Symantec / norton_antivirus10.0.2.2020 – 10.0.2.2020
• Symantec / norton_antivirus10.0.2.2021 – 10.0.2.2021
• Symantec / norton_antivirus10.1 – 10.1
• Symantec / norton_antivirus2003 – 2003
• Symantec / norton_antivirus2003 – 2003
• Symantec / norton_antivirus2004 – 2004
• Symantec / norton_antivirus2005 – 2005
• Symantec / norton_antivirus2006 – 2006
• Symantec / norton_antivirus2007 – 2007
• Symantec / norton_internet_security2003 – 2003
• Symantec / norton_internet_security2003 – 2003
• Symantec / norton_internet_security2004 – 2004
• Symantec / norton_internet_security2004 – 2004
• Symantec / norton_internet_security2005 – 2005
• Symantec / norton_internet_security2005 – 2005
• Symantec / norton_internet_security2006 – 2006
• Symantec / norton_internet_security2007 – 2007
• Symantec / norton_personal_firewall2003 – 2003
• Symantec / norton_personal_firewall2004 – 2004
• Symantec / norton_personal_firewall2005 – 2005
• Symantec / norton_personal_firewall2006 – 2006
• Symantec / norton_system_works2003_professional_edition – 2003_professional_edition
• Symantec / norton_system_works2004 – 2004
• Symantec / norton_system_works2004_professional_edition – 2004_professional_edition
• Symantec / norton_system_works2005 – 2005
• Symantec / norton_system_works2005_premier – 2005_premier
• Symantec / norton_system_works2006 – 2006
• Symantec / pcanywhere11.5 – 11.5

References

• MISChttp://securitytracker.com/id?1016892
• VENDOR_ADVISORYhttp://secunia.com/advisories/21938
• MISChttp://securitytracker.com/id?1016893
• MISChttp://securitytracker.com/id?1016895
• MISChttp://securitytracker.com/id?1016889
• MISChttp://www.securityfocus.com/archive/1/446111/100/0/threaded
• MISChttp://securitytracker.com/id?1016897
• MISChttp://securityreason.com/securityalert/1591
• MISChttp://securitytracker.com/id?1016896
• VENDOR_ADVISORYhttp://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php
• MISChttp://www.securityfocus.com/bid/20051
• MISChttp://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2006/3636
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/28960
• MISChttp://securitytracker.com/id?1016894
• MISChttp://securitytracker.com/id?1016898