Norton Internet Security 2008 Vulnerability in SSDT Handlers
CVE-2007-5047

Currently unrated

Key Information:

Vendor: Symantec
Status: Norton Internet Security
Vendor: CVE Published:; 24 September 2007

Summary

A parameter validation flaw exists in Norton Internet Security 2008, allowing local users to exploit function handlers in the System Service Descriptor Table (SSDT). This vulnerability may result in denial of service (system crash) due to improper handling of certain parameters, potentially enabling unauthorized privilege escalation via the NtOpenSection kernel hook. Note that similar issues are noted in other related vulnerabilities.

References

http://osvdb.org/45897

vdb-entryx_refsource_OSVDB

http://securityreason.com/securityalert/3161

third-party-advisoryx_refsource_SREASON

http://www.matousec.com/info/advisories/plague-in-securit...

x_refsource_MISC

Timeline

Vulnerability published
Sep 24, 2007
Vulnerability Reserved
Sep 23, 2007