Lucene search

MitreCVE-2009-4049

HistoryNov 23, 2009 - 5:30 p.m.

CVE-2009-4049

2009-11-2317:30:00

CWE-119

mitre

web.nvd.nist.gov

cve-2009-4049

heap-based buffer overflow

aswrdr.sys

tdi rdr driver

avast

denial of service

memory corruption

ioctl 0x80002024

vulnerability

nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.2

Confidence

High

EPSS

Percentile

9.8%

JSON

Heap-based buffer overflow in aswRdr.sys (aka the TDI RDR driver) in avast! Home and Professional 4.8.1356.0 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted arguments to IOCTL 0x80002024.

Affected configurations

Nvd

Node

avastavast_antivirus_homeMatch4.8.1356.0

avastavast_antivirus_professionalMatch4.8.1356.0

VendorProductVersionCPE
avastavast_antivirus_home4.8.1356.0cpe:2.3:a:avast:avast_antivirus_home:4.8.1356.0:*:*:*:*:*:*:*
avastavast_antivirus_professional4.8.1356.0cpe:2.3:a:avast:avast_antivirus_professional:4.8.1356.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
avast	avast_antivirus_home	4.8.1356.0	cpe:2.3:a:avast:avast_antivirus_home:4.8.1356.0:::::::*
avast	avast_antivirus_professional	4.8.1356.0	cpe:2.3:a:avast:avast_antivirus_professional:4.8.1356.0:::::::*

References

secunia.com/advisories/37368

www.efblog.net/2009/11/avast-aswrdrsys-kernel-pool-corruption.html

www.securityfocus.com/archive/1/507891/100/0/threaded

www.securityfocus.com/bid/37031

www.vupen.com/english/advisories/2009/3266

www.evilfingers.com/advisory/Advisory/Avast_aswRdr_sys_Kernel_Pool_Corruption_and_Local_Privilege_Escalation.php

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.2

Confidence

High

EPSS

Percentile

9.8%

JSON

Related for CVE-2009-4049