CVE-2006-4927 - Vulnerability Details - OpenCVE

The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device drivers 20061.3.0.12 and later, as used in Symantec AntiVirus and security products, allow local users to gain privileges by overwriting critical system addresses using a crafted Irp to the IOCTL functions (1) 0x222AD3, (2) 0x222AD7, and (3) 0x222ADB.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00423.

Key SSVC decision points have not yet been added.

Vendors	Products
Symantec	Naveng Driver Navex15 Driver

Configuration 1 [-]

OR	cpe:2.3:a:symantec:naveng_driver::::::::
	cpe:2.3:a:symantec:navex15_driver::::::::

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://secunia.com/advisories/22288
http://securityreason.com/securityalert/1690
http://securitytracker.com/id?1016994
http://securitytracker.com/id?1016995
http://securitytracker.com/id?1016996
http://securitytracker.com/id?1016997
http://securitytracker.com/id?1016998
http://securitytracker.com/id?1016999
http://securitytracker.com/id?1017000
http://securitytracker.com/id?1017001
http://securitytracker.com/id?1017002
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=417
http://www.kb.cert.org/vuls/id/946820
http://www.securityfocus.com/archive/1/447849/100/0/threaded
http://www.securityfocus.com/bid/20360
http://www.symantec.com/avcenter/security/Content/2006.10.05a.html
http://www.vupen.com/english/advisories/2006/3928
https://exchange.xforce.ibmcloud.com/vulnerabilities/29360

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-10-05T21:00:00

Updated: 2024-08-07T19:32:22.313Z

Reserved: 2006-09-22T00:00:00

Link: CVE-2006-4927

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-10-10T04:06:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2006-4927

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-10-05T00:00:00", "descriptions": [{"lang": "en", "value": "The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device drivers 20061.3.0.12 and later, as used in Symantec AntiVirus and security products, allow local users to gain privileges by overwriting critical system addresses using a crafted Irp to the IOCTL functions (1) 0x222AD3, (2) 0x222AD7, and (3) 0x222ADB."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1016996", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016996"}, {"name": "20061005 [Reversemode Advisory] Symantec Antivirus Engine Privilege Escalation", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/447849/100/0/threaded"}, {"name": "1017001", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017001"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.symantec.com/avcenter/security/Content/2006.10.05a.html"}, {"name": "1017000", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017000"}, {"name": "1016997", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016997"}, {"name": "1016995", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016995"}, {"name": "ADV-2006-3928", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3928"}, {"name": "1016998", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016998"}, {"name": "20061005 Symantec AntiVirus IOCTL Kernel Privilege Escalation Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=417"}, {"name": "1016994", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016994"}, {"name": "22288", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22288"}, {"name": "20360", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/20360"}, {"name": "1016999", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016999"}, {"name": "1017002", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017002"}, {"name": "1690", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1690"}, {"name": "symantec-ioctl-privilege-escalation(29360)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29360"}, {"name": "VU#946820", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/946820"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4927", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device drivers 20061.3.0.12 and later, as used in Symantec AntiVirus and security products, allow local users to gain privileges by overwriting critical system addresses using a crafted Irp to the IOCTL functions (1) 0x222AD3, (2) 0x222AD7, and (3) 0x222ADB."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1016996", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016996"}, {"name": "20061005 [Reversemode Advisory] Symantec Antivirus Engine Privilege Escalation", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/447849/100/0/threaded"}, {"name": "1017001", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017001"}, {"name": "http://www.symantec.com/avcenter/security/Content/2006.10.05a.html", "refsource": "CONFIRM", "url": "http://www.symantec.com/avcenter/security/Content/2006.10.05a.html"}, {"name": "1017000", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017000"}, {"name": "1016997", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016997"}, {"name": "1016995", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016995"}, {"name": "ADV-2006-3928", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3928"}, {"name": "1016998", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016998"}, {"name": "20061005 Symantec AntiVirus IOCTL Kernel Privilege Escalation Vulnerability", "refsource": "IDEFENSE", "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=417"}, {"name": "1016994", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016994"}, {"name": "22288", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22288"}, {"name": "20360", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20360"}, {"name": "1016999", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016999"}, {"name": "1017002", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017002"}, {"name": "1690", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1690"}, {"name": "symantec-ioctl-privilege-escalation(29360)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29360"}, {"name": "VU#946820", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/946820"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T19:32:22.313Z"}, "title": "CVE Program Container", "references": [{"name": "1016996", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1016996"}, {"name": "20061005 [Reversemode Advisory] Symantec Antivirus Engine Privilege Escalation", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/447849/100/0/threaded"}, {"name": "1017001", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017001"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.symantec.com/avcenter/security/Content/2006.10.05a.html"}, {"name": "1017000", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017000"}, {"name": "1016997", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1016997"}, {"name": "1016995", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1016995"}, {"name": "ADV-2006-3928", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/3928"}, {"name": "1016998", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1016998"}, {"name": "20061005 Symantec AntiVirus IOCTL Kernel Privilege Escalation Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE", "x_transferred"], "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=417"}, {"name": "1016994", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1016994"}, {"name": "22288", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22288"}, {"name": "20360", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/20360"}, {"name": "1016999", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1016999"}, {"name": "1017002", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017002"}, {"name": "1690", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/1690"}, {"name": "symantec-ioctl-privilege-escalation(29360)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29360"}, {"name": "VU#946820", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/946820"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4927", "datePublished": "2006-10-05T21:00:00", "dateReserved": "2006-09-22T00:00:00", "dateUpdated": "2024-08-07T19:32:22.313Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:symantec:naveng_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "1278247D-9258-46E2-91D7-29FB40C616D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:navex15_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "84278ED8-D4D2-4351-9A0E-5F811A4C06E9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device drivers 20061.3.0.12 and later, as used in Symantec AntiVirus and security products, allow local users to gain privileges by overwriting critical system addresses using a crafted Irp to the IOCTL functions (1) 0x222AD3, (2) 0x222AD7, and (3) 0x222ADB."}, {"lang": "es", "value": "Los controladores de dispositivo de (a) NAVENG (NAVENG.SYS) y (b) NAVEX15 (NAVEX15.SYS) 20061.3.0.12 y posteriores, utilizados en Symantec AntiVirus y en productos de seguridad, permiten a usuarios locales escalar privilegios sobreescribiendo direcciones cr\u00edticas del sistema utilizando un Irp (paquete de petici\u00f3n de Entrada/salida) creado artesanalmente para las funciones IOCTL (1) 0x222AD3, (2) 0x222AD7, y (3) 0x222ADB."}], "evaluatorSolution": "Update 20061.3.0.12 has been released by the vendor for each vulnerable driver.\r\nAdditionally, an update to the virus definitions (October 4, 2006 revision 9 or later) is required.", "id": "CVE-2006-4927", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-10-10T04:06:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/22288"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1690"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://securitytracker.com/id?1016994"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://securitytracker.com/id?1016995"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://securitytracker.com/id?1016996"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://securitytracker.com/id?1016997"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://securitytracker.com/id?1016998"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://securitytracker.com/id?1016999"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://securitytracker.com/id?1017000"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://securitytracker.com/id?1017001"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://securitytracker.com/id?1017002"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=417"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/946820"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/447849/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/20360"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.symantec.com/avcenter/security/Content/2006.10.05a.html"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/3928"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29360"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/22288"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1690"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://securitytracker.com/id?1016994"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://securitytracker.com/id?1016995"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://securitytracker.com/id?1016996"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://securitytracker.com/id?1016997"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://securitytracker.com/id?1016998"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://securitytracker.com/id?1016999"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://securitytracker.com/id?1017000"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://securitytracker.com/id?1017001"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://securitytracker.com/id?1017002"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=417"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/946820"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/447849/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/20360"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.symantec.com/avcenter/security/Content/2006.10.05a.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/3928"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29360"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}