CVE-2007-5047

Currently unrated

Key Information:

Vendor: Symantec
Status: Norton Internet Security
Vendor: CVE Published:; 24 September 2007

Summary

Norton Internet Security 2008 15.0.0.60 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the NtOpenSection kernel SSDT hook. NOTE: the NtCreateMutant and NtOpenEvent function hooks are already covered by CVE-2007-1793.

References

http://osvdb.org/45897

vdb-entryx_refsource_OSVDB

http://securityreason.com/securityalert/3161

third-party-advisoryx_refsource_SREASON

http://www.matousec.com/info/advisories/plague-in-securit...

x_refsource_MISC

Timeline

Vulnerability published
Sep 24, 2007
Vulnerability Reserved
Sep 23, 2007