CVE-2006-4927 | Vulnerability Database | Aqua Security

The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device drivers 20061.3.0.12 and later, as used in Symantec AntiVirus and security products, allow local users to gain privileges by overwriting critical system addresses using a crafted Irp to the IOCTL functions (1) 0x222AD3, (2) 0x222AD7, and (3) 0x222ADB.

Affected Software

Name	Vendor	Start Version	End Version
Naveng_driver	Symantec	*	*
Navex15_driver	Symantec	*	*

References

http://secunia.com/advisories/22288
http://securityreason.com/securityalert/1690
http://securitytracker.com/id?1016994
http://securitytracker.com/id?1016995
http://securitytracker.com/id?1016996
http://securitytracker.com/id?1016997
http://securitytracker.com/id?1016998
http://securitytracker.com/id?1016999
http://securitytracker.com/id?1017000
http://securitytracker.com/id?1017001
http://securitytracker.com/id?1017002
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=417
http://www.kb.cert.org/vuls/id/946820
http://www.securityfocus.com/archive/1/447849/100/0/threaded
http://www.securityfocus.com/bid/20360
http://www.symantec.com/avcenter/security/Content/2006.10.05a.html
http://www.vupen.com/english/advisories/2006/3928
https://exchange.xforce.ibmcloud.com/vulnerabilities/29360
http://secunia.com/advisories/22288
http://securityreason.com/securityalert/1690
http://securitytracker.com/id?1016994
http://securitytracker.com/id?1016995
http://securitytracker.com/id?1016996
http://securitytracker.com/id?1016997
http://securitytracker.com/id?1016998
http://securitytracker.com/id?1016999
http://securitytracker.com/id?1017000
http://securitytracker.com/id?1017001
http://securitytracker.com/id?1017002
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=417
http://www.kb.cert.org/vuls/id/946820
http://www.securityfocus.com/archive/1/447849/100/0/threaded
http://www.securityfocus.com/bid/20360
http://www.symantec.com/avcenter/security/Content/2006.10.05a.html
http://www.vupen.com/english/advisories/2006/3928
https://exchange.xforce.ibmcloud.com/vulnerabilities/29360

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-4927
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html