Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-1310 — Norton Antivirus vulnerability

4 documents4 sources

Severity

4.6MEDIUMNVD

EPSS

0.5%

top 32.93%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Symantec Norton Antivirus

Timeline

PublishedDec 31

Latest updateApr 29

Description

The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) in Symantec Norton AntiVirus 2002 allows local users to gain privileges by overwriting memory locations via certain control codes (aka "Device Driver Attack").

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDsymantec/norton_antivirus2002, 2003+1

🔴Vulnerability Details

GHSA

GHSA-8rjq-mvw5-whpr: The DeviceIoControl function in the Norton Device Driver (NAVAP↗2022-04-29

▶

CVEList

CVE-2003-1310: The DeviceIoControl function in the Norton Device Driver (NAVAP↗2006-11-30

▶

💥Exploits & PoCs

Exploit-DB

Symantec Norton AntiVirus 2002/2003 - Device Driver Memory Overwrite↗2003-08-02

▶