Advisory 2006-07-15.02

Norton Insufficient protection of Norton service registry keys

Basic information:

Description:

Norton insufficiently checks calling standard Windows API functions RegSaveKey, RegRestoreKey and RegDeleteKey. A proper combination of mentioned function calls on registry key 'HKLM\SYSTEM\CurrentControlSet\Services\SNDSrvc' or on key 'HKLM\SYSTEM\CurrentControlSet\Services\SymEvent' causes a system crash due to erroneous implementation of Norton's driver.

Vulnerable software:

• Norton Personal Firewall 2006 version 9.1.0.33
• probably all versions of Norton Personal Firewall 2006 and Norton Internet Security 2006
• possibly older versions of Norton Personal Firewall and Norton Internet Security

Events:

• 2006-07-26: Candidate for inclusion in the CVE list
• 2006-07-17: Vulnerability confirmed by popular information sources
• 2006-07-15: Advisory released
• 2006-07-15: Vendor notification

References:

• National Vulnerability Database
• Common Vulnerabilities and Exposures
• Packet Storm Security Advisory
• SecurityFocus Vulnerabilities
• Symantec Norton Personal Firewall

valid HTML 4.01 · valid CSS 2 · optimized for you · design by martina · powered by jan · generated on March 13, 2010