Denial of Service Vulnerability in Symantec Norton Personal Firewall and Other Products
CVE-2006-4855

Currently unrated

Key Information:

Vendor

Symantec
Status
Norton Antivirus
Client Security
Norton Internet Security
Norton Personal Firewall
Vendor
CVE Published:
19 September 2006

What is CVE-2006-4855?

The SymEvent driver in various versions of Symantec Norton Personal Firewall, Internet Security, AntiVirus, and other products is susceptible to a local denial of service attack. By sending invalid data via DeviceIoControl, a local user can trigger a system crash, leading to service disruption and potential downtime. This vulnerability highlights the importance of input validation in driver software to prevent unauthorized system manipulation.

References

http://securitytracker.com/id?1016892
vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/21938
third-party-advisoryx_refsource_SECUNIA
http://securitytracker.com/id?1016893
vdb-entryx_refsource_SECTRACK

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2006-4855 : Denial of Service Vulnerability in Symantec Norton Personal Firewall and Other Products