CVE-2007-5047

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.2HIGH

EPSS

0.1%

top 82.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Norton Internet Security

Timeline

PublishedSep 24

Latest updateMay 1

Description

Norton Internet Security 2008 15.0.0.60 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the NtOpenSection kernel SSDT hook. NOTE: the NtCreateMutant and NtOpenEvent function hooks are already covered by CVE-2007-1793.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDsymantec/norton_internet_security2008_15.0.0.60

🔴Vulnerability Details

GHSA

GHSA-r59q-696w-6whc: Norton Internet Security 2008 15↗2022-05-01

▶

CVEList

CVE-2007-5047: Norton Internet Security 2008 15↗2007-09-24

▶