RSS   Vulnerabilities for 'Norman virus control'   RSS

2007-08-31
 
CVE-2007-4648

CWE-119
 

 
The nvcoaft51 driver in Norman Virus Control (NVC) 5.82 uses weak permissions (unrestricted write access) for the NvcOa device, which allows local users to gain privileges by (1) triggering a buffer overflow in a kernel pool via a string argument to ioctl 0xBF67201C; or by (2) sending a crafted KEVENT structure through ioctl 0xBF672028 to overwrite arbitrary memory locations.

 
2007-07-24
 
CVE-2007-3953

 

 
The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote attackers to cause a denial of service via a crafted DOC file that triggers a divide-by-zero error.

 
 
CVE-2007-3951

 

 
Multiple buffer overflows in Norman Antivirus 5.90 allow remote attackers to execute arbitrary code via a crafted (1) ACE or (2) LZH file, resulting from an "integer cast around."

 
2005-10-30
 
CVE-2005-3378

 

 
Multiple interpretation error in Norman 5.81 with the 5.83.02 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."

 

 >>> Vendor: Norman 8 Products
Virus control antivirus
Norman virus control
Norman sandbox analyzer
Normon antivirus
Norman antivirus & antispyware
Norman antivirus %26 antispyware
Security suite
Malware cleaner


Copyright 2024, cxsecurity.com

 

Back to Top