Strix
26.1K

CVE-2007-1476

UnknownEPSS 0.86%

Last modified

CVE-2007-1476 is a vulnerability of currently unknown severity. The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal Firewall 2006 9.1.1.7 and earlier, Internet Security 2005 and 2006, AntiVirus Corporate Edition 3.0.x through 10.1.x, and other Norton products, allows local users to cause a denial of service (system crash) by sending crafted data to the driver's \Device file, which triggers invalid memory access, a different vulnerability than CVE-2006-4855.. EPSS estimates a 0.86% chance of exploitation in the next 30 days.

Description

The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal Firewall 2006 9.1.1.7 and earlier, Internet Security 2005 and 2006, AntiVirus Corporate Edition 3.0.x through 10.1.x, and other Norton products, allows local users to cause a denial of service (system crash) by sending crafted data to the driver's \Device file, which triggers invalid memory access, a different vulnerability than CVE-2006-4855.

Metrics

EPSS Probability
0.86%

54.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersionsUpdate
SymantecClient Security2.0
SymantecClient Security2.0.1
SymantecClient Security2.0.1_build_9.0.1.1000Mr1
SymantecClient Security2.0.2
SymantecClient Security2.0.2_build_9.0.2.1000Mr2
SymantecClient Security2.0.3
SymantecClient Security2.0.3_build_9.0.3.1000Mr3
SymantecClient Security2.0.4
SymantecClient Security2.0.5
SymantecClient Security2.0.5_build_1100
SymantecClient Security2.0.5_build_1100_mp1Mr5
SymantecClient Security2.0.6
SymantecClient Security2.0_scf_7.1
SymantecClient Security2.0_stm_build_9.0.0.338
SymantecClient Security2.1
SymantecClient Security3.0
SymantecClient Security3.0.0.359
SymantecClient Security3.0.1.1000
SymantecClient Security3.0.1.1001
SymantecClient Security3.0.1.1007
SymantecClient Security3.0.1.1008
SymantecClient Security3.0.1.1009
SymantecClient Security3.0.2
SymantecClient Security3.0.2.2000
SymantecClient Security3.0.2.2001
SymantecClient Security3.0.2.2002
SymantecClient Security3.0.2.2010
SymantecClient Security3.0.2.2011
SymantecClient Security3.0.2.2020
SymantecClient Security3.0.2.2021
SymantecClient Security3.1
SymantecClient Security3.1.0.396
SymantecClient Security3.1.0.401
SymantecClient Security3.1.394
SymantecClient Security3.1.396
SymantecClient Security3.1.400
SymantecClient Security3.1.401
SymantecNorton Antispam2005
SymantecNorton Antivirus3.0
SymantecNorton Antivirus9.0
SymantecNorton Antivirus9.0.0.338
SymantecNorton Antivirus9.0.1
SymantecNorton Antivirus9.0.1.1.1000
SymantecNorton Antivirus9.0.1.1000
SymantecNorton Antivirus9.0.2
SymantecNorton Antivirus9.0.2.1000
SymantecNorton Antivirus9.0.3.1000
SymantecNorton Antivirus9.0.4
SymantecNorton Antivirus9.0.5
SymantecNorton Antivirus9.0.5.1100

Showing 50 of 79 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2007-1476?
The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal Firewall 2006 9.1.1.7 and earlier, Internet Security 2005 and 2006, AntiVirus Corporate Edition 3.0.x through 10.1.x, and other Norton products, allows local users to cause a denial of service (system crash) by sending crafted data to the driver's \Device file, which triggers invalid memory access, a different vulnerability than CVE-2006-4855.
How severe is CVE-2007-1476?
Severity scoring for CVE-2007-1476 is pending analysis. The EPSS model estimates a 0.86% probability of exploitation in the next 30 days.
How do I fix CVE-2007-1476?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2007-1476?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST