Vulnerability Details : CVE-2006-4927
The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device drivers 20061.3.0.12 and later, as used in Symantec AntiVirus and security products, allow local users to gain privileges by overwriting critical system addresses using a crafted Irp to the IOCTL functions (1) 0x222AD3, (2) 0x222AD7, and (3) 0x222ADB.
Exploit prediction scoring system (EPSS) score for CVE-2006-4927
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 8 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2006-4927
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST |
References for CVE-2006-4927
-
http://www.kb.cert.org/vuls/id/946820
US Government Resource
-
http://securitytracker.com/id?1016996
Exploit;Patch
-
http://securityreason.com/securityalert/1690
-
http://www.vupen.com/english/advisories/2006/3928
-
http://securitytracker.com/id?1017000
Exploit;Patch
-
http://securitytracker.com/id?1017001
Exploit;Patch
-
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=417
Patch;Vendor Advisory
-
http://securitytracker.com/id?1016995
Exploit;Patch
-
http://securitytracker.com/id?1016998
Exploit;Patch
-
http://securitytracker.com/id?1016997
Exploit;Patch
-
http://securitytracker.com/id?1016994
Exploit;Patch
-
http://securitytracker.com/id?1016999
Exploit;Patch
-
http://www.securityfocus.com/archive/1/447849/100/0/threaded
-
http://www.securityfocus.com/bid/20360
Exploit;Patch
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/29360
-
http://securitytracker.com/id?1017002
Exploit;Patch
-
http://www.symantec.com/avcenter/security/Content/2006.10.05a.html
Patch
Products affected by CVE-2006-4927
- cpe:2.3:a:symantec:naveng_driver:*:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:navex15_driver:*:*:*:*:*:*:*:*