CVE-2007-1476

Symantec Client Security < 2006_9.1.1.7 - Improper Input Validation

Title source: rule
STIX 2.1

Description

The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal Firewall 2006 9.1.1.7 and earlier, Internet Security 2005 and 2006, AntiVirus Corporate Edition 3.0.x through 10.1.x, and other Norton products, allows local users to cause a denial of service (system crash) by sending crafted data to the driver's \Device file, which triggers invalid memory access, a different vulnerability than CVE-2006-4855.

Exploits (1)

exploitdb WRITEUP VERIFIED
by David Matousek · textdoswindows
https://www.exploit-db.com/exploits/29743

References (9)

Core 9
Core References
Mailing List mailing-list x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=117396596027148&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/33003
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/35088
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/462926/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22977
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2438
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1018656

Scores

EPSS 0.0029
EPSS Percentile 52.0%

Details

CWE
CWE-20
Status published
Products (45)
symantec/client_security 2.0 (4 CPE variants)
symantec/client_security 2.0.1
symantec/client_security 2.0.1_build_9.0.1.1000 mr1
symantec/client_security 2.0.2
symantec/client_security 2.0.2_build_9.0.2.1000 mr2
symantec/client_security 2.0.3
symantec/client_security 2.0.3_build_9.0.3.1000 mr3
symantec/client_security 2.0.4 (2 CPE variants)
symantec/client_security 2.0.5
symantec/client_security 2.0.5_build_1100
... and 35 more
Published Mar 16, 2007
Tracked Since Feb 18, 2026