CVE-2007-1793 Information

Description

SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers which allows local users to cause a denial of service (crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateMutant and (2) NtOpenEvent functions. NOTE: it was later reported that Norton Internet Security 2008 15.0.0.60 and possibly other versions back to 2006 are also affected.

Reference

http://osvdb.org/34692 http://secunia.com/advisories/24677 http://securityresponse.symantec.com/avcenter/security/Content/2008.12.12.html http://www.matousec.com/info/advisories/Norton-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php http://www.securityfocus.com/archive/1/464456/100/0/threaded http://www.securityfocus.com/archive/1/479830/100/0/threaded http://www.securityfocus.com/bid/23241 http://www.securitytracker.com/id?1017837 http://www.securitytracker.com/id?1017838 http://www.securitytracker.com/id?1021386 http://www.securitytracker.com/id?1021387 http://www.securitytracker.com/id?1021388 http://www.securitytracker.com/id?1021389 http://www.vupen.com/english/advisories/2007/1192 https://exchange.xforce.ibmcloud.com/vulnerabilities/33352