Local proof of concept exploit for the Symantec Antivirus Engine that requires no special privileges (5 of 6).
7718ea0485483a8c51e5532e6a7026b9a70bee7575e9d782a7f39f146bb990f2
Local proof of concept exploit for the Symantec Antivirus Engine (4 of 6).
3b29faa9132b4703f4e35c8a8ec09024b9cc65e357d9853556227bfd2ad4c9db
Local proof of concept exploit for the Symantec Antivirus Engine (3 of 6).
8eea8ca29fb3ff25e0368e41bf061974a45d3cdeb846e266b5cf55e191c2a385
Local proof of concept exploit for the Symantec Antivirus Engine (2 of 6).
a2449219141ac29887221691004cb2dab5400474056ce5c41cda9b14a0b6244c
Local proof of concept exploit for the Symantec Antivirus Engine (1 of 6).
020ec8d9ce5d3255c029d3b03dcd46000ebe2bddbc2eff9c86818ce8a441e4fc
The Symantec Antivirus Engine drivers NAVEX15.sys and NAVENG.sys are susceptible to privilege escalation attacks.
d5f65664b43a323c2a435f57a944a3583d1a1e92479ed775da15a872c6553ee5
iDefense Security Advisory 10.05.06 - Local exploitation of a design error vulnerability in Symantec Corp. AntiVirus can allow an attacker to execute arbitrary code with kernel privileges. The vulnerability specifically exists due to improper address space validation when the NAVENG and NAVEX15 device drivers process IOCTLs 0x222AD3, 0x222AD7, and 0x222ADB. An attacker can overwrite a user-supplied address, including code segments, with a constant double word value by supplying a specially crafted IRP to the IOCTL handler function. iDefense has confirmed the existence of this vulnerability within version 10 of Symantec Client Security as of this writing. Previous versions, as well as related products, which contain the NAVENG.SYS and NAVEX15.SYS drivers are suspected to be vulnerable as well.
732efba97b7ec341bff44782696cd383114b701e321b698f5802c60077ca466c
iDefense Security Advisory 09.12.06 - Remote exploitation of a heap-based buffer overflow in Apple Computer's QuickTime Player could allow attackers to execute code under the privileges of the affected application. A FLIC file is an animation file consisting of a number of frames, each of which is made up of an image and may contain other information such as a palette or a label. The vulnerability specifically exists in the handling of the COLOR_64 chunk in FLIC format files. QuickTime does not validate that the data size allocated to store the palette is large enough, allowing a malformed file to cause controllable heap corruption. iDefense Labs confirmed that version 7.1 of the QuickTime player is vulnerable. It is suspected that all previous versions are also affected.
8bcabb0d8beb068b97d485b6166612603ed049aad375daf5647a8eed72680052
The Kernel Object Manager is prone to a deadlock that can be exploited to make any running process unkillable, complicating its removal. Exploit included.
17871ea1d002a3e25ba2cf1431e565ed676c7752e14f1d0fb9ed45a6c632038d
Whitepaper discussing how the Microsoft Server Message Block Redirector Driver (mrxsmb.sys) does not properly verify the user-mode buffer, allowing any user to overwrite any desired memory address. Successful exploitation results in Ring0 code execution.
8e72140b6ea3bdc38e8d99a76cc14e568dce6926a301540aba00a78f7cb44a46
iDefense Security Advisory 02.01.06 - It has been found that a specially crafted m3u or pls file can overwrite a stack-based buffer, allowing for remote code execution. This vulnerability is specific to the 5.11 version of Winamp and does not affect previous versions.
55cfc9433a739a9d58acb02156040187fb0c6d1dfe185aad02576b64a0fdf607