Security-Alerts mailing list archive (security-alerts@yandex-team.ru)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [security-alerts] FW: iDefense Security Advisory 10.05.06: Symantec AntiVirus IOCTL KernelPrivilege Escalation Vulnerability
Dear Kazennov, Vladimir,
Это локальная дырка, для безопасности почты совсем не критично :)
--Friday, October 6, 2006, 11:10:09 AM, you wrote to
security-alerts@xxxxxxxxxxxxxx:
>>
>> The vulnerability specifically exists due to improper address space
>> validation when the NAVENG and NAVEX15 device drivers process IOCTL
>> 0x222AD3, 0x222AD7, and 0x222ADB. An attacker can overwrite a user
>> supplied address, including code segments, with a constant double word
>> value by supplying a specially crafted Irp to the IOCTL handler
>> function.
>>
--
~/ZARAZA
You know my name - look up my number (Beatles)
|
