In association with heise online

24 October 2006, 11:52

Symantec driver enables expanded rights

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The SAVRT.SYS driver that is installed on Windows systems by Symantec's AntiVirus Corporate Edition and Client Security, opens up a security hole. Users could exploit this to cause the system to crash or have arbitrary program code executed with system rights.

An output buffer of the DeviceIOControl() function can override kernel addresses because the driver does not check the address space of this buffer. The drivers in versions 8.1 and 9.0.3 of Symantec's AntiVirus Corporate Edition and previous versions as well as Symantec's Client Security 1.1 and 2.0.3 and previous versions are affected. Symantec has released updates in a security advisory.

Also see:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit