NVD

Id
53965  
Name
CVE-2007-1793  
Description
SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateMutant and (2) NtOpenEvent functions. NOTE: it was later reported that Norton Internet Security 2008 15.0.0.60, and possibly other versions back to 2006, are also affected.  
Reject
 
CVSS Version
2  
CVSS Score
4.9  
Severity
Medium  
CVSS Base Score
4.9  
CVSS Impact Subscore
6.9  
CVSS Exploit Subscore
3.9  
CVSS Vector
(AV:L/AC:L/Au:N/C:N/I:N/A:C)  
Pub Date
2017-01-07  
Published
2007-04-02  
Modified Date
2011-08-08  
Seq
2007-1793  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
273640 53965 CVE-2007-1793 http://securityresponse.symantec.com/avcenter/security/Content/2008.12.12.html  View
273641 53965 CVE-2007-1793 http://www.matousec.com/info/advisories/Norton-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php  View
273642 53965 CVE-2007-1793 http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php  View
273643 53965 CVE-2007-1793 http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php  View
273644 53965 CVE-2007-1793 20070401 Norton Multiple insufficient argument validation of hooked SSDT function Vulnerability  View
273645 53965 CVE-2007-1793 20070918 Plague in (security) software drivers & BSDOhook utility  View
273646 53965 CVE-2007-1793 23241  View
273647 53965 CVE-2007-1793 1017837  View
273648 53965 CVE-2007-1793 1017838  View
273649 53965 CVE-2007-1793 1021386  View
273650 53965 CVE-2007-1793 1021387  View
273651 53965 CVE-2007-1793 1021388  View
273652 53965 CVE-2007-1793 1021389  View
273653 53965 CVE-2007-1793 ADV-2007-1192  View
273654 53965 CVE-2007-1793 symantec-firewall-ssdt-dos(33352)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
56639 JVNDB-2007-005331 Symantec Norton Personal Firewall の SPBBCDrv.sys におけるサービス運用妨害 (DoS) の脆弱性 Symantec Norton Personal Firewall の SPBBCDrv.sys は、フックされた SSDT 関数ハンドラに受け渡される前に特定の引数を検証しないため、サービス運用妨害 (クラッシュ) 状態となる、または任意のコードを実行される脆弱性が存在します。 CVE-2007-1793 25148 CVE-2007-1793 53965 4.9 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-005331.html 2007-04-02 2012-12-20 View