CVE-2006-4927

high

Description

The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device drivers 20061.3.0.12 and later, as used in Symantec AntiVirus and security products, allow local users to gain privileges by overwriting critical system addresses using a crafted Irp to the IOCTL functions (1) 0x222AD3, (2) 0x222AD7, and (3) 0x222ADB.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/29360

http://www.vupen.com/english/advisories/2006/3928

http://www.symantec.com/avcenter/security/Content/2006.10.05a.html

http://www.securityfocus.com/archive/1/447849/100/0/threaded

http://www.kb.cert.org/vuls/id/946820

http://www.idefense.com/intelligence/vulnerabilities/display.php?id=417

http://securityreason.com/securityalert/1690

http://secunia.com/advisories/22288

Details

Source: Mitre, NVD

Published: 2006-10-10

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00396