CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2CVE-2007-4648 – Norman Virus Control - 'nvcoaft51.sys' ioctl BF672028
https://notcve.org/view.php?id=CVE-2007-4648
The nvcoaft51 driver in Norman Virus Control (NVC) 5.82 uses weak permissions (unrestricted write access) for the NvcOa device, which allows local users to gain privileges by (1) triggering a buffer overflow in a kernel pool via a string argument to ioctl 0xBF67201C; or by (2) sending a crafted KEVENT structure through ioctl 0xBF672028 to overwrite arbitrary memory locations. El controlador de dispositivo nvcoaft51 de Norman Virus Control (NVC) 5.82 utiliza permisos débiles (acceso de escritura no restringido) para el dispositivo NvcOa, lo cual permite a usuarios locales obtener privilegios al (1) disparar desbordamiento de búfer en un espacio de memoria del kernel mediante un argumento tipo cadena en ioctl 0xBF67201C; ó (2) enviando una estructura KEVENT manipulada hasta ioctl 0xBF672028 para sobre-escribir posiciones de memoria de su elección. • https://www.exploit-db.com/exploits/4345 http://securityreason.com/securityalert/3087 http://www.48bits.com/exploits/nvc.rar http://www.securityfocus.com/archive/1/478224/100/0/threaded http://www.securityfocus.com/bid/25499 http://www.securitytracker.com/id?1018636 https://exchange.xforce.ibmcloud.com/vulnerabilities/36373 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 18%CPEs: 1EXPL: 0CVE-2007-3951
https://notcve.org/view.php?id=CVE-2007-3951
Multiple buffer overflows in Norman Antivirus 5.90 allow remote attackers to execute arbitrary code via a crafted (1) ACE or (2) LZH file, resulting from an "integer cast around." Múltiples desbordamientos de búfer en Norman Antivirus 5.90 permite a atacantes remotos ejecutar código de su elección a través de archivos (1) ACE o (2) LZH manipulados, como resultado de un "redondedo del enterio lanzado". • http://osvdb.org/37982 http://osvdb.org/37983 http://secunia.com/advisories/26178 http://securityreason.com/securityalert/2912 http://www.nruns.com/security_advisory_Norman_all_ace_buffer_overflow.php http://www.nruns.com/security_advisory_norman_antivirus_lzh_buffer_overflow.php http://www.securityfocus.com/archive/1/474423/100/0/threaded http://www.securityfocus.com/archive/1/474432/100/0/threaded http://www.securityfocus.com/bid/25003 http://www.securityfocus.com/bid/25015 •
CVSS: 4.3EPSS: 8%CPEs: 1EXPL: 0CVE-2007-3953
https://notcve.org/view.php?id=CVE-2007-3953
The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote attackers to cause a denial of service via a crafted DOC file that triggers a divide-by-zero error. La validación OLE2 en Norman Antivirus anterior a 5.91.02 permite a atacantes remotos provocar denegación de servicio a través de archivos DOC manipulado que disparan un erro de división por cero. • http://osvdb.org/37980 http://secunia.com/advisories/26178 http://securityreason.com/securityalert/2914 http://www.nruns.com/security_advisory_norton_antivirus_doc_divide_by_zero_dos.php http://www.securityfocus.com/archive/1/474450/100/0/threaded http://www.securityfocus.com/bid/25014 http://www.securitytracker.com/id?1018438 http://www.vupen.com/english/advisories/2007/2619 https://exchange.xforce.ibmcloud.com/vulnerabilities/35554 •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2005-3378
https://notcve.org/view.php?id=CVE-2005-3378
Multiple interpretation error in Norman 5.81 with the 5.83.02 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." • http://marc.info/?l=bugtraq&m=113026417802703&w=2 http://www.securityelf.org/magicbyte.html http://www.securityelf.org/magicbyteadv.html http://www.securityelf.org/updmagic.html http://www.securityfocus.com/bid/15189 •