Filtered by vendor Norman Subscriptions
Filtered by product Norman Virus Control Subscriptions
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2007-4648 1 Norman 1 Norman Virus Control 2024-11-21 N/A
The nvcoaft51 driver in Norman Virus Control (NVC) 5.82 uses weak permissions (unrestricted write access) for the NvcOa device, which allows local users to gain privileges by (1) triggering a buffer overflow in a kernel pool via a string argument to ioctl 0xBF67201C; or by (2) sending a crafted KEVENT structure through ioctl 0xBF672028 to overwrite arbitrary memory locations.
CVE-2007-3953 1 Norman 1 Norman Virus Control 2024-11-21 N/A
The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote attackers to cause a denial of service via a crafted DOC file that triggers a divide-by-zero error.
CVE-2007-3951 1 Norman 1 Norman Virus Control 2024-11-21 N/A
Multiple buffer overflows in Norman Antivirus 5.90 allow remote attackers to execute arbitrary code via a crafted (1) ACE or (2) LZH file, resulting from an "integer cast around."
CVE-2005-3378 1 Norman 1 Norman Virus Control 2024-11-21 N/A
Multiple interpretation error in Norman 5.81 with the 5.83.02 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."