Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1625

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-1625
Last Modified 07 Mar 2011 10:07:22
Published 02 Apr 2008 01:44:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-1625

Summary

aavmker4.sys in avast! Home and Professional 4.7 for Windows does not properly validate input to IOCTL 0xb2d60030, which allows local users to gain privileges via certain IOCTL requests.

Vulnerable Systems

Application

  • Avast Antivirus Home 4.7.1043

  • Avast Antivirus Home 4.7.1098

  • Avast Antivirus Home 4.7.827

  • Avast Antivirus Home 4.7.844

  • Avast Antivirus Home 4.7.869

  • Avast Antivirus Professional 4.7.1043

  • Avast Antivirus Professional 4.7.1098

  • Avast Antivirus Professional 4.7.827

  • Avast Antivirus Professional 4.7.844


References

XF - avast-aavmker4-privilege-escalation(41527)

VUPEN - ADV-2008-1034

MISC - http://www.trapkit.de/advisories/TKADV2008-002.txt

SECTRACK - 1019732

BID - 28502

BUGTRAQ - 20080330 [TKADV2008-002] avast! 4.7 aavmker4.sys Kernel Memory Corruption

CONFIRM - http://www.avast.com/eng/avast-4-home_pro-revision-history.html

SECUNIA - 29605


Last Updated: 27 May 2016 10:47:36