BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

Norman Security Suite 8 Kernel Pointer Dereference Vulnerability

Disclosed September 28, 2011    No Patch Available

Vulnerability Description:

Norman Security Suite 8 contains a kernel pointer dereference vulnerability within nprosec.sys.  Successful exploitation may result in elevation of  local privileges to SYSTEM. Note:  This vulnerability does not affect eEye’s Blink product line.

Vendors:

Norman ASA

Vulnerable Software/Devices:

Norman Security Suite 8

Vulnerability Severity:

Medium

Exploit Availability:

N/A

Exploit Impact:

Elevation of Privilege
Local elevation of privileges to SYSTEM Attackers exploiting this vulnerability would be seeking to gain kernel-level access to a machine. It would need to be used in combination with some other exploit to initially gain access to the system, since this privilege escalation vulnerability is only locally exploitable. After exploiting the vulnerability, the attacker would have gained the ability to execute code with Kernel level privileges. Note: This vulnerability does not affect eEye's Blink product line.

BeyondTrust Prevention and Detection:

 

Mitigation:

No mitigation has been provided.

Links:

CVE(s):

None

Leave a Reply