Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:17928
HistoryAug 31, 2007 - 12:00 a.m.

[48bits] Advisory : Multiple vulnerabilities in Norman NVC 5.82 driver

2007-08-3100:00:00
vulners.com
8
JSON

Abstract:

There are multiple bugs in nvcoaft51 driver from Norman products.
These bugs could be locally exploited by a malicious user in order
to gain unlimited access to the system.

Nvcoaft51 driver creates a device named NvcOa without a restrictive
security descriptor, so any user can open it and send control codes
directly to the device driver. Arbitrary code execution at kernel mode
is possible because the code that manages IOCTL's is not bug free.

Detailed information and proof of concept exploit code of a tricky
kernel pool overflow can be downloaded here :

http://www.48bits.com/exploits/nvc.rar

Cheers,

InocraM – inocram[at]48bits[dot]com
[48Bits I+D Team]

JSON