CVE-2003-1310

Published: Dec 31, 2003Modified: Apr 16, 2026

4.6

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 3.9 / Impact: 6.4

Source: NVD

Description

The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) in Symantec Norton AntiVirus 2002 allows local users to gain privileges by overwriting memory locations via certain control codes (aka "Device Driver Attack").

Affected (2)

Products: Symantec: Norton Antivirus

Symantec

1 product

Norton Antivirus

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Symantec Norton Antivirus	Version 2002
Symantec Norton Antivirus	Version 2003

References (10)

http://sec-labs.hack.pl/papers/win32ddc.php

Source: cve@mitre.org

http://secunia.com/advisories/9460

Source: cve@mitre.org

Vendor Advisory

http://www.osvdb.org/4362

Source: cve@mitre.org

http://www.securityfocus.com/bid/8329

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/12824

Source: cve@mitre.org

http://sec-labs.hack.pl/papers/win32ddc.php