TITLE:
Symantec Norton Personal Firewall Hooked Functions Denial of Service

SECUNIA ADVISORY ID:
SA24677

VERIFY ADVISORY:
http://secunia.com/advisories/24677/

CRITICAL:
Not critical

IMPACT:
DoS

WHERE:
Local system

SOFTWARE:
Symantec Norton Personal Firewall 2006
http://secunia.com/product/6638/

DESCRIPTION:
Matousec has discovered a vulnerability in Symantec Norton Personal
Firewall 2006, which can be exploited by malicious, local users to
cause a DoS (Denial of Service).

The vulnerability is caused due to an input validation error in
SPBBCDrv.sys when handling parameters of certain hooked functions.
This can be exploited to crash the system by calling NtCreateMutant
or NtOpenEvent with specially crafted parameters.

The vulnerability is confirmed in version 9.0.0.73 and also reported
in versions 9.1.1.7 and 9.1.0.33. Other versions may also be
affected.

SOLUTION:
Restrict access to trusted users only.

PROVIDED AND/OR DISCOVERED BY:
Matousec Transparent Security

ORIGINAL ADVISORY:
Matousec Transparent Security:
http://www.matousec.com/info/advisories/Norton-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.