VUPEN Security Advisory - Nov 12, 2008 Avira Products Driver Local Kernel Pointer Overwrite Vulnerability http://www.vupen.com/english/VUPEN-Security-Advisory-20081112.txt I. DESCRIPTION --------------- A security vulnerability has been identified in various Avira products. The flaw could be exploited by local users to gain SYSTEM privileges. II. ANALYSIS ------------- The vulnerability is caused due to input validation errors in a driver when processing user-supplied IOCTL requests, which could allow malicious unprivileged users to overwrite a kernel pointer and execute arbitrary code with SYSTEM privileges. VUPEN Security has developed a fully-functional exploit code. III. AFFECTED PRODUCTS ----------------------- All Avira 32-Bit Desktop Products are affected: - Avira AntiVir Premium - Avira Premium Security Suite - Avira AntiVir Professional - Avira AntiVir Personal - FREE IV. VENDOR RESPONSE -------------------- A fix is available for customers via normal update. V. CVE INFORMATION ------------------- The Common Vulnerabilities and Exposures (CVE) project has not yet assigned a CVE name to this issue. VI. CREDIT ------------ This vulnerability was discovered by Sebastien Renaud of VUPEN Security VII. DISCLOSURE TIMELINE ------------------------ 2008/10/28 Initial Vendor Notification 2008/10/29 Initial Vendor Reply 2008/10/31 Security Fix Developed 2008/11/09 Emergency Update Performed 2008/11/12 Coordinated Public Disclosure