1. Home
  2. CVE Database
  3. CVE-2007-1793
MEDIUM · 4.9

CVE-2007-1793

SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause ...

Vulnerability Description

SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateMutant and (2) NtOpenEvent functions. NOTE: it was later reported that Norton Internet Security 2008 15.0.0.60, and possibly other versions back to 2006, are also affected.

CVSS Score

4.9

MEDIUM

AV:L/AC:L/Au:N/C:N/I:N/A:C
Confidentiality
NONE
Integrity
NONE
Availability
COMPLETE

Affected Products

VendorProductVersions
SymantecAntivirus10.0
SymantecClient Security3.0
SymantecNorton 3601.0
SymantecNorton Antispam2004
SymantecNorton Antivirus2004
SymantecNorton Internet Security2004
SymantecNorton Personal Firewall2004
SymantecNorton System Works2004

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2007-1793?

CVE-2007-1793 is a vulnerability with a CVSS score of 4.9 (MEDIUM). SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause ...

How severe is CVE-2007-1793?

CVE-2007-1793 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-1793?

Check the references section above for vendor advisories and patch information. Affected products include: Symantec Antivirus, Symantec Client Security, Symantec Norton 360, Symantec Norton Antispam, Symantec Norton Antivirus.