Symantec driver enables expanded rights
The SAVRT.SYS driver that is installed on Windows systems by Symantec's AntiVirus Corporate Edition and Client Security, opens up a security hole. Users could exploit this to cause the system to crash or have arbitrary program code executed with system rights.
An output buffer of the DeviceIOControl() function can override kernel addresses because the driver does not check the address space of this buffer. The drivers in versions 8.1 and 9.0.3 of Symantec's AntiVirus Corporate Edition and previous versions as well as Symantec's Client Security 1.1 and 2.0.3 and previous versions are affected. Symantec has released updates in a security advisory.
- Symantec Device Driver Elevation of Privilege, Symantec's security advisory
(ehe)