Advisory 2006-07-15.02
Norton Insufficient protection of Norton service registry keys
Basic information:

Release date: July 15, 2006

Last update: July 17, 2006

Type: Implementation bugs

Character: System crash

Status: Unpatched bugs

Risk: Serious bugs

Exploitability: Locally exploitable bugs

Discoverability: Hardly discoverable bugs

Testing program: BTP00004P002NF.zip
Description:

Norton insufficiently checks calling standard Windows API functions RegSaveKey, RegRestoreKey and RegDeleteKey. A proper combination of mentioned function calls on registry key 'HKLM\SYSTEM\CurrentControlSet\Services\SNDSrvc' or on key 'HKLM\SYSTEM\CurrentControlSet\Services\SymEvent' causes a system crash due to erroneous implementation of Norton's driver.
Vulnerable software:

    * Norton Personal Firewall 2006 version 9.1.0.33
    * probably all versions of Norton Personal Firewall 2006 and Norton Internet Security 2006
    * possibly older versions of Norton Personal Firewall and Norton Internet Security

Events:

    * 2006-07-17: Vulnerability confirmed by popular information sources
    * 2006-07-15: Advisory released
    * 2006-07-15: Vendor notification