Security Hole in Norton Antivirus 2002?

Discussion in 'other security issues & news' started by Antarctica, Aug 10, 2003.

Thread Status:
Not open for further replies.
  1. Antarctica

    Antarctica Registered Member

    Feb 25, 2003
    Symantec Norton AntiVirus Device Driver Privilege Escalation

    Release Date: 2003-08-06
    Critical: Less critical
    Impact: Privilege escalation
    Where: Local system
    Software: Norton AntiVirus 2002

    A vulnerability has been reported in Symantec Norton AntiVirus, which can be exploited by malicious, local users to escalate their privileges on a vulnerable system or cause it to crash.

    The vulnerability is caused due to an error in the Norton AntiVirus Device Driver (NAVAP.sys). This can be exploited by sending two specially crafted control codes using the DeviceIoControl() function, which request the device driver to perform certain operations.

    The first control code will supply specially crafted input to the requested operation via the lpInBuffer, which then returns output to the memory location specified by the lpOutBuffer. The memory contents in this location can then be changed to include arbitrary shellcode. Afterwards, the second control code can manipulate the driver's return address, making it jump to the memory location previously specified by the lpOutBuffer.

    Successful exploitation either crashes the system or allows execution of arbitrary code with Kernel Mode (Ring 0) privileges.

    The vulnerability has been reported in version 2002. However, other versions are possibly also affected.

    Grant only trusted users access to affected systems.