Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 




      :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [security-alerts] FW: iDefense Security Advisory 10.05.06: Symantec AntiVirus IOCTL KernelPrivilege Escalation Vulnerability

Dear Kazennov, Vladimir,

  ,       :)

--Friday, October 6, 2006, 11:10:09 AM, you wrote to 

>> The vulnerability specifically exists due to improper address space
>> validation when the NAVENG and NAVEX15 device drivers process IOCTL
>> 0x222AD3, 0x222AD7, and 0x222ADB. An attacker can overwrite a user
>> supplied address, including code segments, with a constant double word
>> value by supplying a specially crafted Irp to the IOCTL handler
>> function.

You know my name - look up my number (Beatles)


Copyright © Lexa Software, 1996-2009.