Exploitation Summary
EIP tracks 1 public exploit for CVE-2003-1310. PoCs published by Lord Yup.
AI-analyzed exploit summary This exploit targets a memory corruption vulnerability in Symantec Norton AntiVirus Device Driver (CVE-2003-1310) by leveraging an unvalidated pointer in DeviceIoControl to overwrite memory and execute arbitrary shellcode. The PoC allocates executable memory, fills it with NOPs and shellcode, and triggers the vulnerability to achieve privilege escalation.
Description
The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) in Symantec Norton AntiVirus 2002 allows local users to gain privileges by overwriting memory locations via certain control codes (aka "Device Driver Attack").
Exploits (1)
This exploit targets a memory corruption vulnerability in Symantec Norton AntiVirus Device Driver (CVE-2003-1310) by leveraging an unvalidated pointer in DeviceIoControl to overwrite memory and execute arbitrary shellcode. The PoC allocates executable memory, fills it with NOPs and shellcode, and triggers the vulnerability to achieve privilege escalation.