CVE-2008-1625

2008-04-0217:44:00

CWE-264

mitre

web.nvd.nist.gov

avast

windows

security

vulnerability

privilege escalation

ioctl

nvd

CVSS2

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:C/I:C/A:C

AI Score

6.4

Confidence

Low

EPSS

Percentile

5.1%

JSON

aavmker4.sys in avast! Home and Professional 4.7 for Windows does not properly validate input to IOCTL 0xb2d60030, which allows local users to gain privileges via certain IOCTL requests.

Affected configurations

Nvd

Node

avastavast_antivirus_homeMatch4.7.827windows

avastavast_antivirus_homeMatch4.7.844windows

avastavast_antivirus_homeMatch4.7.869windows

avastavast_antivirus_homeMatch4.7.1043windows

avastavast_antivirus_homeMatch4.7.1098windows

Node

avastavast_antivirus_professionalMatch4.7.827windows

avastavast_antivirus_professionalMatch4.7.844windows

avastavast_antivirus_professionalMatch4.7.1043windows

avastavast_antivirus_professionalMatch4.7.1098windows

VendorProductVersionCPE
avastavast_antivirus_home4.7.827cpe:2.3:a:avast:avast_antivirus_home:4.7.827:*:windows:*:*:*:*:*
avastavast_antivirus_home4.7.844cpe:2.3:a:avast:avast_antivirus_home:4.7.844:*:windows:*:*:*:*:*
avastavast_antivirus_home4.7.869cpe:2.3:a:avast:avast_antivirus_home:4.7.869:*:windows:*:*:*:*:*
avastavast_antivirus_home4.7.1043cpe:2.3:a:avast:avast_antivirus_home:4.7.1043:*:windows:*:*:*:*:*
avastavast_antivirus_home4.7.1098cpe:2.3:a:avast:avast_antivirus_home:4.7.1098:*:windows:*:*:*:*:*
avastavast_antivirus_professional4.7.827cpe:2.3:a:avast:avast_antivirus_professional:4.7.827:*:windows:*:*:*:*:*
avastavast_antivirus_professional4.7.844cpe:2.3:a:avast:avast_antivirus_professional:4.7.844:*:windows:*:*:*:*:*
avastavast_antivirus_professional4.7.1043cpe:2.3:a:avast:avast_antivirus_professional:4.7.1043:*:windows:*:*:*:*:*
avastavast_antivirus_professional4.7.1098cpe:2.3:a:avast:avast_antivirus_professional:4.7.1098:*:windows:*:*:*:*:*

Vendor	Product	Version	CPE
avast	avast_antivirus_home	4.7.827	cpe:2.3:a:avast:avast_antivirus_home:4.7.827::windows:::::
avast	avast_antivirus_home	4.7.844	cpe:2.3:a:avast:avast_antivirus_home:4.7.844::windows:::::
avast	avast_antivirus_home	4.7.869	cpe:2.3:a:avast:avast_antivirus_home:4.7.869::windows:::::
avast	avast_antivirus_home	4.7.1043	cpe:2.3:a:avast:avast_antivirus_home:4.7.1043::windows:::::
avast	avast_antivirus_home	4.7.1098	cpe:2.3:a:avast:avast_antivirus_home:4.7.1098::windows:::::
avast	avast_antivirus_professional	4.7.827	cpe:2.3:a:avast:avast_antivirus_professional:4.7.827::windows:::::
avast	avast_antivirus_professional	4.7.844	cpe:2.3:a:avast:avast_antivirus_professional:4.7.844::windows:::::
avast	avast_antivirus_professional	4.7.1043	cpe:2.3:a:avast:avast_antivirus_professional:4.7.1043::windows:::::
avast	avast_antivirus_professional	4.7.1098	cpe:2.3:a:avast:avast_antivirus_professional:4.7.1098::windows:::::