CVE-2003-1310
Symantec Norton AntiVirus 2002/2003 - Device Driver Memory Overwrite
Severity Score
4.6
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) in Symantec Norton AntiVirus 2002 allows local users to gain privileges by overwriting memory locations via certain control codes (aka "Device Driver Attack").
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2003-08-02 First Exploit
- 2003-12-31 CVE Published
- 2006-11-30 CVE Reserved
- 2023-03-08 EPSS Updated
- 2024-08-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (6)
URL | Tag | Source |
---|---|---|
http://sec-labs.hack.pl/papers/win32ddc.php | X_refsource_misc | |
http://www.osvdb.org/4362 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/12824 | Vdb Entry |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/22980 | 2003-08-02 | |
http://www.securityfocus.com/bid/8329 | 2024-08-08 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/9460 | 2017-07-29 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Symantec Search vendor "Symantec" | Norton Antivirus Search vendor "Symantec" for product "Norton Antivirus" | 2002 Search vendor "Symantec" for product "Norton Antivirus" and version "2002" | - |
Affected
| ||||||
Symantec Search vendor "Symantec" | Norton Antivirus Search vendor "Symantec" for product "Norton Antivirus" | 2003 Search vendor "Symantec" for product "Norton Antivirus" and version "2003" | - |
Affected
|