Vulnerability CVE-2009-3523


Published: 2009-10-01   Modified: 2012-02-13

Description:
aavmKer4.sys in avast! Home and Professional for Windows before 4.8.1356 does not properly validate input to IOCTLs (1) 0xb2d6000c and (2) 0xb2d60034, which allows local users to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption, a different vulnerability than CVE-2008-1625.

CVSS2 => (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score: 6.9/10
Impact Subscore: 10/10
Exploitability Subscore: 3.4/10

Exploit range: Local
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software:
Avast -> Avast antivirus home
Avast -> Avast antivirus professional

References:
http://www.avast.com/eng/avast-4-home_pro-revision-history.html
http://www.ntinternals.org/ntiadv0904/ntiadv0904.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6024

Copyright 2024, cxsecurity.com

 
