CVE-2007-4648

Norman Virus Control <5.82 - Privilege Escalation

Title source: llm

Description

The nvcoaft51 driver in Norman Virus Control (NVC) 5.82 uses weak permissions (unrestricted write access) for the NvcOa device, which allows local users to gain privileges by (1) triggering a buffer overflow in a kernel pool via a string argument to ioctl 0xBF67201C; or by (2) sending a crafted KEVENT structure through ioctl 0xBF672028 to overwrite arbitrary memory locations.

Exploits (1)

exploitdb WORKING POC VERIFIED

by inocraM · clocalwindows

https://www.exploit-db.com/exploits/4345

View Code ZIP pw:eip

References (6)

[Exploit] http://www.48bits.com/exploits/nvc.rar

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/478224/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/25499

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/36373

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1018636

[Third Party Advisory] http://securityreason.com/securityalert/3087

Scores

EPSS 0.0016

EPSS Percentile 36.0%

Details

CWE

CWE-119

Status published

Products (1)

norman/norman_virus_control 5.82

Published Aug 31, 2007

Tracked Since Feb 18, 2026