Denial of Service Vulnerability in Symantec Norton Personal Firewall and Other Products
CVE-2006-4855

Currently unrated

Key Information:

Vendor: Symantec
Status: Norton Antivirus; Client Security; Norton Internet Security; Norton Personal Firewall
Vendor: CVE Published:; 19 September 2006

Summary

The SymEvent driver in various versions of Symantec Norton Personal Firewall, Internet Security, AntiVirus, and other products is susceptible to a local denial of service attack. By sending invalid data via DeviceIoControl, a local user can trigger a system crash, leading to service disruption and potential downtime. This vulnerability highlights the importance of input validation in driver software to prevent unauthorized system manipulation.

References

http://securitytracker.com/id?1016892

vdb-entryx_refsource_SECTRACK

http://secunia.com/advisories/21938

third-party-advisoryx_refsource_SECUNIA

http://securitytracker.com/id?1016893

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Sep 19, 2006
Vulnerability Reserved
Sep 19, 2006