CVE-2007-4648

Norman Virus Control <5.82 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4648. PoCs published by inocraM.

AI-analyzed exploit summary This exploit targets a vulnerability in Norman Virus Control's nvcoaft51.sys driver, which allows unprivileged users to execute arbitrary code in ring0 by sending a crafted IOCTL with a fake KEVENT structure. The exploit is designed for Windows XP SP2 and leverages the driver's lack of input validation.

Description

The nvcoaft51 driver in Norman Virus Control (NVC) 5.82 uses weak permissions (unrestricted write access) for the NvcOa device, which allows local users to gain privileges by (1) triggering a buffer overflow in a kernel pool via a string argument to ioctl 0xBF67201C; or by (2) sending a crafted KEVENT structure through ioctl 0xBF672028 to overwrite arbitrary memory locations.

Exploits (1)

exploitdb WORKING POC VERIFIED

by inocraM · clocalwindows

https://www.exploit-db.com/exploits/4345

View Code ZIP pw:eip

This exploit targets a vulnerability in Norman Virus Control's nvcoaft51.sys driver, which allows unprivileged users to execute arbitrary code in ring0 by sending a crafted IOCTL with a fake KEVENT structure. The exploit is designed for Windows XP SP2 and leverages the driver's lack of input validation.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Norman Virus Control nvcoaft51.sys driver

No auth needed

Prerequisites: Norman Virus Control installed · Windows XP SP2

MITRE ATT&CK