Vulnerability Name:

CVE-2007-3673 (CCN-35347)

Assigned:2007-07-11
Published:2007-07-11
Updated:2017-07-29
Summary:Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus Corporate Edition 9 through 10.1 and Client Security 2.0 through 3.1, Norton AntiSpam 2005, and Norton AntiVirus, Internet Security, Personal Firewall, and System Works 2005 and 2006; allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in an IOCTL 0x83022323 request to \\symTDI\, which results in memory overwrite.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.1 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2007-3673

Source: IDEFENSE
Type: Patch
20070711 Symantec AntiVirus symtdi.sys Local Privilege Escalation Vulnerability

Source: OSVDB
Type: UNKNOWN
36117

Source: CCN
Type: SA26042
Symantec Products SYMTDI.SYS IOCTL Handler Privilege Escalation

Source: SECUNIA
Type: Vendor Advisory
26042

Source: CCN
Type: SYM07-018
Symantec SYMTDI.SYS Device Driver Local Elevation of Privilege

Source: CONFIRM
Type: UNKNOWN
http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11d.html

Source: CCN
Type: SECTRACK ID: 1018372
Norton Anti-Virus SYMTDI.SYS Driver Lets Local Users Gain Elevated Privileges

Source: SECTRACK
Type: UNKNOWN
1018372

Source: CCN
Type: OSVDB ID: 36117
Symantec Multiple Products symtdi.sys Crafted IRP Packet Local Privilege Escalation

Source: BID
Type: Exploit
22351

Source: CCN
Type: BID-22351
Symantec Device Driver SYMTDI.SYS Local Privilege Escalation Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2007-2507

Source: XF
Type: UNKNOWN
symantec-multi-symtdi-privilege-escalation(35347)

Source: XF
Type: UNKNOWN
symantec-multi-symtdi-privilege-escalation(35347)

Source: CCN
Type: iDefense Labs PUBLIC ADVISORY: 07.11.07
Symantec AntiVirus symtdi.sys Local Privilege Escalation Vulnerability

Vulnerable Configuration:Configuration 1:
  • cpe:/a:symantec:client_security:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antispam:2005:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:9.0:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:9.0.0.338:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:9.0.1:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:9.0.1.1.1000:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:9.0.1.1000:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:9.0.2:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:9.0.2.1000:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:9.0.3.1000:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:9.0.4:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:9.0.5:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:9.0.5.1100:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:10.0:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:10.1:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:2005:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_internet_security:2005:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_personal_firewall:2005:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_personal_firewall:2006:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_system_works:2005:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_system_works:2006:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:symantec:client_security:2.0::scf_7.1:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:2005:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_internet_security:2005:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_system_works:2005:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_system_works:2006:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_personal_firewall:2005:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_personal_firewall:2006:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antispam:2005:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0::corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:9.0:-:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.1::corporate:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    symantec client security 2.0
    symantec client security 3.0
    symantec client security 3.1
    symantec norton antispam 2005
    symantec norton antivirus 9.0
    symantec norton antivirus 9.0.0.338
    symantec norton antivirus 9.0.1
    symantec norton antivirus 9.0.1.1.1000
    symantec norton antivirus 9.0.1.1000
    symantec norton antivirus 9.0.2
    symantec norton antivirus 9.0.2.1000
    symantec norton antivirus 9.0.3.1000
    symantec norton antivirus 9.0.4
    symantec norton antivirus 9.0.5
    symantec norton antivirus 9.0.5.1100
    symantec norton antivirus 10.0
    symantec norton antivirus 10.1
    symantec norton antivirus 2005
    symantec norton antivirus 2006
    symantec norton internet security 2005
    symantec norton internet security 2006
    symantec norton personal firewall 2005
    symantec norton personal firewall 2006
    symantec norton system works 2005
    symantec norton system works 2006
    symantec client security 2.0
    symantec norton antivirus 2005
    symantec norton internet security 2005
    symantec norton system works 2005
    symantec norton system works 2006
    symantec norton antivirus 2006
    symantec client security 3.0
    symantec norton internet security 2006
    symantec norton personal firewall 2005
    symantec norton personal firewall 2006
    symantec norton antispam 2005
    symantec client security 3.1
    symantec antivirus 10.0
    symantec antivirus 9.0 -
    symantec antivirus 10.1