Vulnerabilities > Symantec > Norton Personal Firewall > 2006.9.1.1.7

DATE CVE VULNERABILITY TITLE RISK
2007-10-05 CVE-2007-3699 Remote vulnerability in Symantec AntiVirus Malformed CAB and RAR Compression
The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header.
network
symantec
critical
 9.3
9.3
2007-10-05 CVE-2007-0447 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Symantec products
Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives.
network
symantec CWE-119
critical
 9.3
9.3
2007-04-02 CVE-2007-1793 Improper Input Validation vulnerability in Symantec products
SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateMutant and (2) NtOpenEvent functions.
local
low complexity
symantec CWE-20
4.9
4.9
2007-03-16 CVE-2007-1495 Local Denial of Service vulnerability in Symantec Norton Personal Firewall 20069.1.1.7
The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.1.7, and possibly other products using symevent.sys 12.0.0.20, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data, a reintroduction of CVE-2006-4855.
local
low complexity
symantec
4.9
4.9