VUPEN Security Advisory - Nov 12, 2008
Avira Products Driver Local Kernel Pointer Overwrite Vulnerability
http://www.vupen.com/english/VUPEN-Security-Advisory-20081112.txt
I. DESCRIPTION
---------------
A security vulnerability has been identified in various Avira products.
The flaw could be exploited by local users to gain SYSTEM privileges.
II. ANALYSIS
-------------
The vulnerability is caused due to input validation errors in a driver
when processing user-supplied IOCTL requests, which could allow malicious
unprivileged users to overwrite a kernel pointer and execute arbitrary
code with SYSTEM privileges.
VUPEN Security has developed a fully-functional exploit code.
III. AFFECTED PRODUCTS
-----------------------
All Avira 32-Bit Desktop Products are affected:
- Avira AntiVir Premium
- Avira Premium Security Suite
- Avira AntiVir Professional
- Avira AntiVir Personal - FREE
IV. VENDOR RESPONSE
--------------------
A fix is available for customers via normal update.
V. CVE INFORMATION
-------------------
The Common Vulnerabilities and Exposures (CVE) project has not yet assigned
a CVE name to this issue.
VI. CREDIT
------------
This vulnerability was discovered by Sebastien Renaud of VUPEN Security
VII. DISCLOSURE TIMELINE
------------------------
2008/10/28 Initial Vendor Notification
2008/10/29 Initial Vendor Reply
2008/10/31 Security Fix Developed
2008/11/09 Emergency Update Performed
2008/11/12 Coordinated Public Disclosure