CVE-2007-3673

Symantec symtdi.sys <7.0.0 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3673. PoCs published by Zohiartze Herce.

AI-analyzed exploit summary This is a writeup for CVE-2007-3673, a local privilege escalation vulnerability in Symantec AntiVirus's symtdi.sys driver. The advisory references an external download link for the exploit code but does not contain executable code itself.

Description

Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus Corporate Edition 9 through 10.1 and Client Security 2.0 through 3.1, Norton AntiSpam 2005, and Norton AntiVirus, Internet Security, Personal Firewall, and System Works 2005 and 2006; allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in an IOCTL 0x83022323 request to \\symTDI\, which results in memory overwrite.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Zohiartze Herce · textlocalwindows

https://www.exploit-db.com/exploits/4178

View Code ZIP pw:eip

This is a writeup for CVE-2007-3673, a local privilege escalation vulnerability in Symantec AntiVirus's symtdi.sys driver. The advisory references an external download link for the exploit code but does not contain executable code itself.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Theoretical

Target: Symantec AntiVirus (symtdi.sys driver)

No auth needed

Prerequisites: Local access to the target system · Presence of vulnerable Symantec AntiVirus installation

MITRE ATT&CK