Issue

Vulnerabilities have been published in the driver nvcoaft51.sys which is used by the Windows version of Norman Virus Control On-access scanner.

Proof of concept program code is published on the Internet.

Affected software

• Norman Virus Control single user and corporate versions
• Norman Internet Control
• NVCnet for Terminal and File servers
  
  
• Third party software using rebranded versions of Norman's On-access scanner

Vulnerability status

Vulnerable operating systems

The driver that is affected by these vulnerabilities is  only used on Windows legacy systems where Microsoft has stopped its maintenance program, or for operating systems Microsoft has issued major security updates.

Affected systems are:

• Windows NT4
• Windows 2000 pre Update rollup 1 for service pack 4

In all other operating systems from Microsoft the driver nvcoaft51.sys is no longer in use, if one runs an updated version of Norman Virus Control (version 5.90 or later). The affected driver was in version 5.90 replaced by the driver nvcw32mf.sys, which uses a new minifilter driver approach to the functionality needed.

Operating systems not vulnerable

The following operating systems from Microsoft are not vulnerable

• Windows 2000 post SP4 Update rollup 1
• Windows XP SP2
• Windows 2003 SP 1
• Windows Vista

Mitigating factors

Only installations running legacy operating systems are vulnerable.