Avira Products Driver Local Kernel Pointer Overwrite Vulnerability

2009.08.15
Risk: High
Local: Yes
Remote: No
CWE: CWE-20


CVSS Base Score: 7.2/10
Impact Subscore: 10/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

VUPEN Security Advisory - Nov 12, 2008 Avira Products Driver Local Kernel Pointer Overwrite Vulnerability http://www.vupen.com/english/VUPEN-Security-Advisory-20081112.txt I. DESCRIPTION --------------- A security vulnerability has been identified in various Avira products. The flaw could be exploited by local users to gain SYSTEM privileges. II. ANALYSIS ------------- The vulnerability is caused due to input validation errors in a driver when processing user-supplied IOCTL requests, which could allow malicious unprivileged users to overwrite a kernel pointer and execute arbitrary code with SYSTEM privileges. VUPEN Security has developed a fully-functional exploit code. III. AFFECTED PRODUCTS ----------------------- All Avira 32-Bit Desktop Products are affected: - Avira AntiVir Premium - Avira Premium Security Suite - Avira AntiVir Professional - Avira AntiVir Personal - FREE IV. VENDOR RESPONSE -------------------- A fix is available for customers via normal update. V. CVE INFORMATION ------------------- The Common Vulnerabilities and Exposures (CVE) project has not yet assigned a CVE name to this issue. VI. CREDIT ------------ This vulnerability was discovered by Sebastien Renaud of VUPEN Security VII. DISCLOSURE TIMELINE ------------------------ 2008/10/28 Initial Vendor Notification 2008/10/29 Initial Vendor Reply 2008/10/31 Security Fix Developed 2008/11/09 Emergency Update Performed 2008/11/12 Coordinated Public Disclosure

References:

http://xforce.iss.net/xforce/xfdb/46567
http://www.vupen.com/english/VUPEN-Security-Advisory-20081112.txt
http://www.vupen.com/english/advisories/2008/3130
http://www.securityfocus.com/bid/32269


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top