CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
5.1%
Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 running on Windows 2000 and XP does not properly validate input to IOCTL 0xb2d60030, which allows local users to cause a denial of service (system crash) or execute arbitrary code to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption.
Vendor | Product | Version | CPE |
---|---|---|---|
avast | avast_antivirus_home | * | cpe:2.3:a:avast:avast_antivirus_home:*:*:windows:*:*:*:*:* |
avast | avast_antivirus_home | 4.8.1169 | cpe:2.3:a:avast:avast_antivirus_home:4.8.1169:*:windows:*:*:*:*:* |
avast | avast_antivirus_home | 4.8.1195 | cpe:2.3:a:avast:avast_antivirus_home:4.8.1195:*:windows:*:*:*:*:* |
avast | avast_antivirus_home | 4.8.1201 | cpe:2.3:a:avast:avast_antivirus_home:4.8.1201:*:windows:*:*:*:*:* |
avast | avast_antivirus_home | 4.8.1227 | cpe:2.3:a:avast:avast_antivirus_home:4.8.1227:*:windows:*:*:*:*:* |
avast | avast_antivirus_home | 4.8.1229 | cpe:2.3:a:avast:avast_antivirus_home:4.8.1229:*:windows:*:*:*:*:* |
avast | avast_antivirus_home | 4.8.1282 | cpe:2.3:a:avast:avast_antivirus_home:4.8.1282:*:windows:*:*:*:*:* |
avast | avast_antivirus_home | 4.8.1290 | cpe:2.3:a:avast:avast_antivirus_home:4.8.1290:*:windows:*:*:*:*:* |
avast | avast_antivirus_home | 4.8.1296 | cpe:2.3:a:avast:avast_antivirus_home:4.8.1296:*:windows:*:*:*:*:* |
avast | avast_antivirus_home | 4.8.1335 | cpe:2.3:a:avast:avast_antivirus_home:4.8.1335:*:windows:*:*:*:*:* |
forum.avast.com/index.php?topic=55484.0
osvdb.org/62510
secunia.com/advisories/38677
secunia.com/advisories/38689
www.securityfocus.com/archive/1/509710/100/0/threaded
www.securityfocus.com/bid/38363
www.securitytracker.com/id?1023644
www.trapkit.de/advisories/TKADV2010-003.txt
www.vupen.com/english/advisories/2010/0449