All the vulnerabilites related to avast - avast_antivirus_home
cve-2007-1673
Vulnerability from cvelistv5
Published
2007-05-09 01:00
Modified
2024-08-07 13:06
Severity ?
EPSS score ?
Summary
unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.amavis.org/security/asa-2007-2.txt | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34080 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/36208 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/23823 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/25315 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/archive/1/467646/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://securityreason.com/securityalert/2680 | third-party-advisory, x_refsource_SREASON |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:06:25.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.amavis.org/security/asa-2007-2.txt"
},
{
"name": "multiple-vendor-zoo-dos(34080)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34080"
},
{
"name": "36208",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36208"
},
{
"name": "23823",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23823"
},
{
"name": "25315",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25315"
},
{
"name": "20070504 Multiple vendors ZOO file decompression infinite loop DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/467646/100/0/threaded"
},
{
"name": "2680",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2680"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.amavis.org/security/asa-2007-2.txt"
},
{
"name": "multiple-vendor-zoo-dos(34080)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34080"
},
{
"name": "36208",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36208"
},
{
"name": "23823",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23823"
},
{
"name": "25315",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25315"
},
{
"name": "20070504 Multiple vendors ZOO file decompression infinite loop DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/467646/100/0/threaded"
},
{
"name": "2680",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2680"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1673",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.amavis.org/security/asa-2007-2.txt",
"refsource": "CONFIRM",
"url": "http://www.amavis.org/security/asa-2007-2.txt"
},
{
"name": "multiple-vendor-zoo-dos(34080)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34080"
},
{
"name": "36208",
"refsource": "OSVDB",
"url": "http://osvdb.org/36208"
},
{
"name": "23823",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23823"
},
{
"name": "25315",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25315"
},
{
"name": "20070504 Multiple vendors ZOO file decompression infinite loop DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/467646/100/0/threaded"
},
{
"name": "2680",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2680"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1673",
"datePublished": "2007-05-09T01:00:00",
"dateReserved": "2007-03-24T00:00:00",
"dateUpdated": "2024-08-07T13:06:25.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4049
Vulnerability from cvelistv5
Published
2009-11-23 17:00
Modified
2024-08-07 06:45
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in aswRdr.sys (aka the TDI RDR driver) in avast! Home and Professional 4.8.1356.0 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted arguments to IOCTL 0x80002024.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/37031 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2009/3266 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/37368 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.efblog.net/2009/11/avast-aswrdrsys-kernel-pool-corruption.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/507891/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://www.evilfingers.com/advisory/Advisory/Avast_aswRdr_sys_Kernel_Pool_Corruption_and_Local_Privilege_Escalation.php | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:45:51.018Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37031",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37031"
},
{
"name": "ADV-2009-3266",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3266"
},
{
"name": "37368",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37368"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.efblog.net/2009/11/avast-aswrdrsys-kernel-pool-corruption.html"
},
{
"name": "20091114 Avast aswRdr.sys Kernel Pool Corruption and Local Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507891/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.evilfingers.com/advisory/Advisory/Avast_aswRdr_sys_Kernel_Pool_Corruption_and_Local_Privilege_Escalation.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in aswRdr.sys (aka the TDI RDR driver) in avast! Home and Professional 4.8.1356.0 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted arguments to IOCTL 0x80002024."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37031",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37031"
},
{
"name": "ADV-2009-3266",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3266"
},
{
"name": "37368",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37368"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.efblog.net/2009/11/avast-aswrdrsys-kernel-pool-corruption.html"
},
{
"name": "20091114 Avast aswRdr.sys Kernel Pool Corruption and Local Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507891/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.evilfingers.com/advisory/Advisory/Avast_aswRdr_sys_Kernel_Pool_Corruption_and_Local_Privilege_Escalation.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in aswRdr.sys (aka the TDI RDR driver) in avast! Home and Professional 4.8.1356.0 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted arguments to IOCTL 0x80002024."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37031",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37031"
},
{
"name": "ADV-2009-3266",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3266"
},
{
"name": "37368",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37368"
},
{
"name": "http://www.efblog.net/2009/11/avast-aswrdrsys-kernel-pool-corruption.html",
"refsource": "MISC",
"url": "http://www.efblog.net/2009/11/avast-aswrdrsys-kernel-pool-corruption.html"
},
{
"name": "20091114 Avast aswRdr.sys Kernel Pool Corruption and Local Privilege Escalation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507891/100/0/threaded"
},
{
"name": "https://www.evilfingers.com/advisory/Advisory/Avast_aswRdr_sys_Kernel_Pool_Corruption_and_Local_Privilege_Escalation.php",
"refsource": "MISC",
"url": "https://www.evilfingers.com/advisory/Advisory/Avast_aswRdr_sys_Kernel_Pool_Corruption_and_Local_Privilege_Escalation.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4049",
"datePublished": "2009-11-23T17:00:00",
"dateReserved": "2009-11-23T00:00:00",
"dateUpdated": "2024-08-07T06:45:51.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-6265
Vulnerability from cvelistv5
Published
2007-12-07 11:00
Modified
2024-08-07 16:02
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in avast! 4 Home and Professional Editions before 4.7.1098 allows remote attackers to have an unknown impact via a crafted TAR archive.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/26702 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/27929 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2007/4097 | vdb-entry, x_refsource_VUPEN | |
| http://www.avast.com/eng/avast-4-home_pro-revision-history.html | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/38877 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:02:35.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26702",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26702"
},
{
"name": "27929",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27929"
},
{
"name": "ADV-2007-4097",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4097"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.avast.com/eng/avast-4-home_pro-revision-history.html"
},
{
"name": "avast-tar-code-execution(38877)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38877"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in avast! 4 Home and Professional Editions before 4.7.1098 allows remote attackers to have an unknown impact via a crafted TAR archive."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26702",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26702"
},
{
"name": "27929",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27929"
},
{
"name": "ADV-2007-4097",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4097"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.avast.com/eng/avast-4-home_pro-revision-history.html"
},
{
"name": "avast-tar-code-execution(38877)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38877"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in avast! 4 Home and Professional Editions before 4.7.1098 allows remote attackers to have an unknown impact via a crafted TAR archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26702",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26702"
},
{
"name": "27929",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27929"
},
{
"name": "ADV-2007-4097",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4097"
},
{
"name": "http://www.avast.com/eng/avast-4-home_pro-revision-history.html",
"refsource": "CONFIRM",
"url": "http://www.avast.com/eng/avast-4-home_pro-revision-history.html"
},
{
"name": "avast-tar-code-execution(38877)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38877"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6265",
"datePublished": "2007-12-07T11:00:00",
"dateReserved": "2007-12-07T00:00:00",
"dateUpdated": "2024-08-07T16:02:35.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3523
Vulnerability from cvelistv5
Published
2009-10-01 16:00
Modified
2024-08-07 06:31
Severity ?
EPSS score ?
Summary
aavmKer4.sys in avast! Home and Professional for Windows before 4.8.1356 does not properly validate input to IOCTLs (1) 0xb2d6000c and (2) 0xb2d60034, which allows local users to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption, a different vulnerability than CVE-2008-1625.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ntinternals.org/ntiadv0904/ntiadv0904.html | x_refsource_MISC | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6024 | vdb-entry, signature, x_refsource_OVAL | |
| http://secunia.com/advisories/36858 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.avast.com/eng/avast-4-home_pro-revision-history.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:31:10.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ntinternals.org/ntiadv0904/ntiadv0904.html"
},
{
"name": "oval:org.mitre.oval:def:6024",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6024"
},
{
"name": "36858",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36858"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.avast.com/eng/avast-4-home_pro-revision-history.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "aavmKer4.sys in avast! Home and Professional for Windows before 4.8.1356 does not properly validate input to IOCTLs (1) 0xb2d6000c and (2) 0xb2d60034, which allows local users to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption, a different vulnerability than CVE-2008-1625."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ntinternals.org/ntiadv0904/ntiadv0904.html"
},
{
"name": "oval:org.mitre.oval:def:6024",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6024"
},
{
"name": "36858",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36858"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.avast.com/eng/avast-4-home_pro-revision-history.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "aavmKer4.sys in avast! Home and Professional for Windows before 4.8.1356 does not properly validate input to IOCTLs (1) 0xb2d6000c and (2) 0xb2d60034, which allows local users to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption, a different vulnerability than CVE-2008-1625."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ntinternals.org/ntiadv0904/ntiadv0904.html",
"refsource": "MISC",
"url": "http://www.ntinternals.org/ntiadv0904/ntiadv0904.html"
},
{
"name": "oval:org.mitre.oval:def:6024",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6024"
},
{
"name": "36858",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36858"
},
{
"name": "http://www.avast.com/eng/avast-4-home_pro-revision-history.html",
"refsource": "CONFIRM",
"url": "http://www.avast.com/eng/avast-4-home_pro-revision-history.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3523",
"datePublished": "2009-10-01T16:00:00",
"dateReserved": "2009-10-01T00:00:00",
"dateUpdated": "2024-08-07T06:31:10.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0705
Vulnerability from cvelistv5
Published
2010-02-25 18:03
Modified
2024-08-07 00:59
Severity ?
EPSS score ?
Summary
Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 running on Windows 2000 and XP does not properly validate input to IOCTL 0xb2d60030, which allows local users to cause a denial of service (system crash) or execute arbitrary code to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/38363 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/62510 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/38689 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2010/0449 | vdb-entry, x_refsource_VUPEN | |
| http://forum.avast.com/index.php?topic=55484.0 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/509710/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securitytracker.com/id?1023644 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/38677 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.trapkit.de/advisories/TKADV2010-003.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:38.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38363",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38363"
},
{
"name": "62510",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/62510"
},
{
"name": "38689",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38689"
},
{
"name": "ADV-2010-0449",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0449"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.avast.com/index.php?topic=55484.0"
},
{
"name": "20100223 [TKADV2010-003] avast! 4.8 and 5.0 aavmker4.sys Kernel Memory Corruption",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/509710/100/0/threaded"
},
{
"name": "1023644",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023644"
},
{
"name": "38677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38677"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.trapkit.de/advisories/TKADV2010-003.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 running on Windows 2000 and XP does not properly validate input to IOCTL 0xb2d60030, which allows local users to cause a denial of service (system crash) or execute arbitrary code to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38363",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38363"
},
{
"name": "62510",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/62510"
},
{
"name": "38689",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38689"
},
{
"name": "ADV-2010-0449",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0449"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.avast.com/index.php?topic=55484.0"
},
{
"name": "20100223 [TKADV2010-003] avast! 4.8 and 5.0 aavmker4.sys Kernel Memory Corruption",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/509710/100/0/threaded"
},
{
"name": "1023644",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023644"
},
{
"name": "38677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38677"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.trapkit.de/advisories/TKADV2010-003.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0705",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 running on Windows 2000 and XP does not properly validate input to IOCTL 0xb2d60030, which allows local users to cause a denial of service (system crash) or execute arbitrary code to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38363",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38363"
},
{
"name": "62510",
"refsource": "OSVDB",
"url": "http://osvdb.org/62510"
},
{
"name": "38689",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38689"
},
{
"name": "ADV-2010-0449",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0449"
},
{
"name": "http://forum.avast.com/index.php?topic=55484.0",
"refsource": "CONFIRM",
"url": "http://forum.avast.com/index.php?topic=55484.0"
},
{
"name": "20100223 [TKADV2010-003] avast! 4.8 and 5.0 aavmker4.sys Kernel Memory Corruption",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/509710/100/0/threaded"
},
{
"name": "1023644",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023644"
},
{
"name": "38677",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38677"
},
{
"name": "http://www.trapkit.de/advisories/TKADV2010-003.txt",
"refsource": "MISC",
"url": "http://www.trapkit.de/advisories/TKADV2010-003.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0705",
"datePublished": "2010-02-25T18:03:00",
"dateReserved": "2010-02-25T00:00:00",
"dateUpdated": "2024-08-07T00:59:38.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3524
Vulnerability from cvelistv5
Published
2009-10-01 16:00
Modified
2024-08-07 06:31
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in ashWsFtr.dll in avast! Home and Professional for Windows before 4.8.1356 has unknown impact and local attack vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6509 | vdb-entry, signature, x_refsource_OVAL | |
| http://secunia.com/advisories/36858 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/58403 | vdb-entry, x_refsource_OSVDB | |
| http://www.avast.com/eng/avast-4-home_pro-revision-history.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:31:10.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:6509",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6509"
},
{
"name": "36858",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36858"
},
{
"name": "58403",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/58403"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.avast.com/eng/avast-4-home_pro-revision-history.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in ashWsFtr.dll in avast! Home and Professional for Windows before 4.8.1356 has unknown impact and local attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:6509",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6509"
},
{
"name": "36858",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36858"
},
{
"name": "58403",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/58403"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.avast.com/eng/avast-4-home_pro-revision-history.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in ashWsFtr.dll in avast! Home and Professional for Windows before 4.8.1356 has unknown impact and local attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:6509",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6509"
},
{
"name": "36858",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36858"
},
{
"name": "58403",
"refsource": "OSVDB",
"url": "http://osvdb.org/58403"
},
{
"name": "http://www.avast.com/eng/avast-4-home_pro-revision-history.html",
"refsource": "CONFIRM",
"url": "http://www.avast.com/eng/avast-4-home_pro-revision-history.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3524",
"datePublished": "2009-10-01T16:00:00",
"dateReserved": "2009-10-01T00:00:00",
"dateUpdated": "2024-08-07T06:31:10.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-1625
Vulnerability from cvelistv5
Published
2008-04-02 17:00
Modified
2024-08-07 08:32
Severity ?
EPSS score ?
Summary
aavmker4.sys in avast! Home and Professional 4.7 for Windows does not properly validate input to IOCTL 0xb2d60030, which allows local users to gain privileges via certain IOCTL requests.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2008/1034/references | vdb-entry, x_refsource_VUPEN | |
| http://www.trapkit.de/advisories/TKADV2008-002.txt | x_refsource_MISC | |
| http://www.securityfocus.com/bid/28502 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/29605 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/archive/1/490321/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41527 | vdb-entry, x_refsource_XF | |
| http://www.securitytracker.com/id?1019732 | vdb-entry, x_refsource_SECTRACK | |
| http://www.avast.com/eng/avast-4-home_pro-revision-history.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:32:00.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1034",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1034/references"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.trapkit.de/advisories/TKADV2008-002.txt"
},
{
"name": "28502",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28502"
},
{
"name": "29605",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29605"
},
{
"name": "20080330 [TKADV2008-002] avast! 4.7 aavmker4.sys Kernel Memory Corruption",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/490321/100/0/threaded"
},
{
"name": "avast-aavmker4-privilege-escalation(41527)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41527"
},
{
"name": "1019732",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019732"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.avast.com/eng/avast-4-home_pro-revision-history.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "aavmker4.sys in avast! Home and Professional 4.7 for Windows does not properly validate input to IOCTL 0xb2d60030, which allows local users to gain privileges via certain IOCTL requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-1034",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1034/references"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.trapkit.de/advisories/TKADV2008-002.txt"
},
{
"name": "28502",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28502"
},
{
"name": "29605",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29605"
},
{
"name": "20080330 [TKADV2008-002] avast! 4.7 aavmker4.sys Kernel Memory Corruption",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/490321/100/0/threaded"
},
{
"name": "avast-aavmker4-privilege-escalation(41527)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41527"
},
{
"name": "1019732",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019732"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.avast.com/eng/avast-4-home_pro-revision-history.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1625",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "aavmker4.sys in avast! Home and Professional 4.7 for Windows does not properly validate input to IOCTL 0xb2d60030, which allows local users to gain privileges via certain IOCTL requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1034",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1034/references"
},
{
"name": "http://www.trapkit.de/advisories/TKADV2008-002.txt",
"refsource": "MISC",
"url": "http://www.trapkit.de/advisories/TKADV2008-002.txt"
},
{
"name": "28502",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28502"
},
{
"name": "29605",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29605"
},
{
"name": "20080330 [TKADV2008-002] avast! 4.7 aavmker4.sys Kernel Memory Corruption",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490321/100/0/threaded"
},
{
"name": "avast-aavmker4-privilege-escalation(41527)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41527"
},
{
"name": "1019732",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019732"
},
{
"name": "http://www.avast.com/eng/avast-4-home_pro-revision-history.html",
"refsource": "CONFIRM",
"url": "http://www.avast.com/eng/avast-4-home_pro-revision-history.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1625",
"datePublished": "2008-04-02T17:00:00",
"dateReserved": "2008-04-02T00:00:00",
"dateUpdated": "2024-08-07T08:32:00.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3522
Vulnerability from cvelistv5
Published
2009-10-01 16:00
Modified
2024-08-07 06:31
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in aswMon2.sys in avast! Home and Professional for Windows 4.8.1351, and possibly other versions before 4.8.1356, allows local users to cause a denial of service (system crash) and possibly gain privileges via a crafted IOCTL request to IOCTL 0xb2c80018.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/36507 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id?1022940 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/506681/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/36858 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/53456 | vdb-entry, x_refsource_XF | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6226 | vdb-entry, signature, x_refsource_OVAL | |
| https://www.evilfingers.com/advisory/Advisory/Avast_aswMon2.sys_kernel_memory_corruption_and_Local_Privilege_Escalation.php | x_refsource_MISC | |
| http://www.vupen.com/english/advisories/2009/2761 | vdb-entry, x_refsource_VUPEN | |
| http://www.avast.com/eng/avast-4-home_pro-revision-history.html | x_refsource_CONFIRM | |
| http://osvdb.org/58402 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:31:10.430Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36507",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36507"
},
{
"name": "1022940",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022940"
},
{
"name": "20090923 Avast aswMon2.sys kernel memory corruption and Local Privilege Escalation.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/506681/100/0/threaded"
},
{
"name": "36858",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36858"
},
{
"name": "avast-aswmon2-bo(53456)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53456"
},
{
"name": "oval:org.mitre.oval:def:6226",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6226"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.evilfingers.com/advisory/Advisory/Avast_aswMon2.sys_kernel_memory_corruption_and_Local_Privilege_Escalation.php"
},
{
"name": "ADV-2009-2761",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2761"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.avast.com/eng/avast-4-home_pro-revision-history.html"
},
{
"name": "58402",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/58402"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in aswMon2.sys in avast! Home and Professional for Windows 4.8.1351, and possibly other versions before 4.8.1356, allows local users to cause a denial of service (system crash) and possibly gain privileges via a crafted IOCTL request to IOCTL 0xb2c80018."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36507",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36507"
},
{
"name": "1022940",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022940"
},
{
"name": "20090923 Avast aswMon2.sys kernel memory corruption and Local Privilege Escalation.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/506681/100/0/threaded"
},
{
"name": "36858",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36858"
},
{
"name": "avast-aswmon2-bo(53456)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53456"
},
{
"name": "oval:org.mitre.oval:def:6226",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6226"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.evilfingers.com/advisory/Advisory/Avast_aswMon2.sys_kernel_memory_corruption_and_Local_Privilege_Escalation.php"
},
{
"name": "ADV-2009-2761",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2761"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.avast.com/eng/avast-4-home_pro-revision-history.html"
},
{
"name": "58402",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/58402"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in aswMon2.sys in avast! Home and Professional for Windows 4.8.1351, and possibly other versions before 4.8.1356, allows local users to cause a denial of service (system crash) and possibly gain privileges via a crafted IOCTL request to IOCTL 0xb2c80018."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36507",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36507"
},
{
"name": "1022940",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022940"
},
{
"name": "20090923 Avast aswMon2.sys kernel memory corruption and Local Privilege Escalation.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/506681/100/0/threaded"
},
{
"name": "36858",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36858"
},
{
"name": "avast-aswmon2-bo(53456)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53456"
},
{
"name": "oval:org.mitre.oval:def:6226",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6226"
},
{
"name": "https://www.evilfingers.com/advisory/Advisory/Avast_aswMon2.sys_kernel_memory_corruption_and_Local_Privilege_Escalation.php",
"refsource": "MISC",
"url": "https://www.evilfingers.com/advisory/Advisory/Avast_aswMon2.sys_kernel_memory_corruption_and_Local_Privilege_Escalation.php"
},
{
"name": "ADV-2009-2761",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2761"
},
{
"name": "http://www.avast.com/eng/avast-4-home_pro-revision-history.html",
"refsource": "CONFIRM",
"url": "http://www.avast.com/eng/avast-4-home_pro-revision-history.html"
},
{
"name": "58402",
"refsource": "OSVDB",
"url": "http://osvdb.org/58402"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3522",
"datePublished": "2009-10-01T16:00:00",
"dateReserved": "2009-10-01T00:00:00",
"dateUpdated": "2024-08-07T06:31:10.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2009-10-01 17:00
Modified
2024-11-21 01:07
Severity ?
Summary
aavmKer4.sys in avast! Home and Professional for Windows before 4.8.1356 does not properly validate input to IOCTLs (1) 0xb2d6000c and (2) 0xb2d60034, which allows local users to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption, a different vulnerability than CVE-2008-1625.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:*:*:windows:*:*:*:*:*",
"matchCriteriaId": "C47AF58C-5BC9-40EC-98F6-48E1B645F4C6",
"versionEndIncluding": "4.8.1351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.827:*:windows:*:*:*:*:*",
"matchCriteriaId": "33A71A2C-36AC-4F36-9D94-AA824F4DE14C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.844:*:windows:*:*:*:*:*",
"matchCriteriaId": "62618C12-3EAC-4434-B2A8-D83612F1A05C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.869:*:windows:*:*:*:*:*",
"matchCriteriaId": "B949535B-9771-4AC6-BBDB-8BB3A789A1FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.1043:*:windows:*:*:*:*:*",
"matchCriteriaId": "DC6DA89A-BF71-4031-9B51-E5941FDE5E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.1098:*:windows:*:*:*:*:*",
"matchCriteriaId": "DB201D49-EB74-4A5D-B641-86C4429E3EC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1169:*:windows:*:*:*:*:*",
"matchCriteriaId": "D8C4E148-EAD0-433C-B0C3-3124B0288CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1195:*:windows:*:*:*:*:*",
"matchCriteriaId": "1867FC4C-01BC-4FA1-B33F-66CE7D4AD9B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1201:*:windows:*:*:*:*:*",
"matchCriteriaId": "79057030-D57C-4DAC-B9F9-FE2CED222481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1227:*:windows:*:*:*:*:*",
"matchCriteriaId": "8CE03B00-0277-4738-8DA6-AFD09830B0DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1229:*:windows:*:*:*:*:*",
"matchCriteriaId": "921BC39F-E4EC-4B4C-BC7D-8002B7C3A85A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1282:*:windows:*:*:*:*:*",
"matchCriteriaId": "B03B958E-8FAA-48E4-BD0D-3577B7150284",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1290:*:windows:*:*:*:*:*",
"matchCriteriaId": "36902F71-4215-40B5-93B5-75A5634D4501",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1296:*:windows:*:*:*:*:*",
"matchCriteriaId": "0F087F04-EF9C-43F0-95F0-36AD5182F02B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1335:*:windows:*:*:*:*:*",
"matchCriteriaId": "1757311C-A432-4056-A480-12713E4E0024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:*:*:windows:*:*:*:*:*",
"matchCriteriaId": "2C19547C-2369-4228-80CF-0A07735ED6AC",
"versionEndIncluding": "4.8.1351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.7.827:*:windows:*:*:*:*:*",
"matchCriteriaId": "DF2D8C10-01E4-43D7-93EE-342BA7E9C489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.7.844:*:windows:*:*:*:*:*",
"matchCriteriaId": "AAB7888A-E884-4C73-AF10-698C56E080F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.7.1043:*:windows:*:*:*:*:*",
"matchCriteriaId": "1F7F2957-4422-4891-B573-F68882D7C8E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.7.1098:*:windows:*:*:*:*:*",
"matchCriteriaId": "FC6DE028-27FD-40D7-AD12-F3C648B445E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1169:*:windows:*:*:*:*:*",
"matchCriteriaId": "FC35E740-8BE7-4479-B684-6E304204B358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1195:*:windows:*:*:*:*:*",
"matchCriteriaId": "083372F2-D738-4698-97CF-F71748BE4877",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1201:*:windows:*:*:*:*:*",
"matchCriteriaId": "38BAD92D-F9D8-4295-B9BD-FFB354937ED4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1227:*:windows:*:*:*:*:*",
"matchCriteriaId": "0348CFA9-6DC0-4FCE-B6B8-3D0D9086471F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1229:*:windows:*:*:*:*:*",
"matchCriteriaId": "03B69989-B458-4624-B40F-37A7FCD11BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1282:*:windows:*:*:*:*:*",
"matchCriteriaId": "FA7CEE2D-C92B-45A9-89F0-42A7DFAA7DD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1290:*:windows:*:*:*:*:*",
"matchCriteriaId": "FDCB885F-8175-41B3-A6A6-1A9A3A239548",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1296:*:windows:*:*:*:*:*",
"matchCriteriaId": "82039FC7-19D9-471C-A781-87D4CCE807CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1335:*:windows:*:*:*:*:*",
"matchCriteriaId": "B6D8AF4B-27E2-4A7B-A474-AF453F6A22F3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "aavmKer4.sys in avast! Home and Professional for Windows before 4.8.1356 does not properly validate input to IOCTLs (1) 0xb2d6000c and (2) 0xb2d60034, which allows local users to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption, a different vulnerability than CVE-2008-1625."
},
{
"lang": "es",
"value": "aavmKer4.sys en avast! Home y Professional para Windows anterior v4.8.1356 no proporciona entradas validad en IOCTLs (1) 0xb2d6000c y (2) 0xb2d60034, que permite a usuarios locales obtener privilegios a trav\u00e9s de peticiones IOCTL usando direcciones de kernel manipuladas que lanzan una ca\u00edda de memoria, una vulnerabilidad diferente que CVE-2008-1625."
}
],
"id": "CVE-2009-3523",
"lastModified": "2024-11-21T01:07:34.430",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-10-01T17:00:00.267",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36858"
},
{
"source": "cve@mitre.org",
"url": "http://www.avast.com/eng/avast-4-home_pro-revision-history.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.ntinternals.org/ntiadv0904/ntiadv0904.html"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36858"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.avast.com/eng/avast-4-home_pro-revision-history.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.ntinternals.org/ntiadv0904/ntiadv0904.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6024"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-10-01 17:00
Modified
2024-11-21 01:07
Severity ?
Summary
Stack-based buffer overflow in aswMon2.sys in avast! Home and Professional for Windows 4.8.1351, and possibly other versions before 4.8.1356, allows local users to cause a denial of service (system crash) and possibly gain privileges via a crafted IOCTL request to IOCTL 0xb2c80018.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avast | avast_antivirus_home | 4.8.1351 | |
| avast | avast_antivirus_professional | 4.8.1351 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1351:*:windows:*:*:*:*:*",
"matchCriteriaId": "BC6D7AC9-3351-4AE7-B2E3-00AD7C7B2E2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1351:*:windows:*:*:*:*:*",
"matchCriteriaId": "F398BFA7-75F1-49C5-A306-820C77EEBAE2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in aswMon2.sys in avast! Home and Professional for Windows 4.8.1351, and possibly other versions before 4.8.1356, allows local users to cause a denial of service (system crash) and possibly gain privileges via a crafted IOCTL request to IOCTL 0xb2c80018."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en aswMon2.sys en avast! Home y Professional para Windows v4.8.1351, y probablemente otras versiones anteriores v4.8.1356, permite a usuarios locales causar una denegaci\u00f3n de servicios (ca\u00edda sistema) y probablemente obtener privilegios a trav\u00e9s de peticiones IOCTL manipuladas en IOCTL 0xb2c80018."
}
],
"id": "CVE-2009-3522",
"lastModified": "2024-11-21T01:07:34.270",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-10-01T17:00:00.250",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/58402"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36858"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.avast.com/eng/avast-4-home_pro-revision-history.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/506681/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/36507"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1022940"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2761"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53456"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6226"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.evilfingers.com/advisory/Advisory/Avast_aswMon2.sys_kernel_memory_corruption_and_Local_Privilege_Escalation.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/58402"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36858"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.avast.com/eng/avast-4-home_pro-revision-history.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/506681/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/36507"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022940"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6226"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.evilfingers.com/advisory/Advisory/Avast_aswMon2.sys_kernel_memory_corruption_and_Local_Privilege_Escalation.php"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-11-23 17:30
Modified
2024-11-21 01:08
Severity ?
Summary
Heap-based buffer overflow in aswRdr.sys (aka the TDI RDR driver) in avast! Home and Professional 4.8.1356.0 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted arguments to IOCTL 0x80002024.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avast | avast_antivirus_home | 4.8.1356.0 | |
| avast | avast_antivirus_professional | 4.8.1356.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1356.0:*:*:*:*:*:*:*",
"matchCriteriaId": "03785A63-99D8-4289-AE31-73FA1934B5C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1356.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A119A362-47B2-4798-9BDF-75AB46242877",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in aswRdr.sys (aka the TDI RDR driver) in avast! Home and Professional 4.8.1356.0 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted arguments to IOCTL 0x80002024."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) en aswRdr.sys (tambi\u00e9n conocido como el controlador TDI RDR) en avast! Home y Professional v4.8.1356.0, permite a usuarios locales provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) o posiblemente elevar sus privilegios a trav\u00e9s de argumentos manipulados a IOCTL 0x80002024."
}
],
"id": "CVE-2009-4049",
"lastModified": "2024-11-21T01:08:49.117",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-11-23T17:30:00.670",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37368"
},
{
"source": "cve@mitre.org",
"url": "http://www.efblog.net/2009/11/avast-aswrdrsys-kernel-pool-corruption.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/507891/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/37031"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3266"
},
{
"source": "cve@mitre.org",
"url": "https://www.evilfingers.com/advisory/Advisory/Avast_aswRdr_sys_Kernel_Pool_Corruption_and_Local_Privilege_Escalation.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.efblog.net/2009/11/avast-aswrdrsys-kernel-pool-corruption.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/507891/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/37031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3266"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.evilfingers.com/advisory/Advisory/Avast_aswRdr_sys_Kernel_Pool_Corruption_and_Local_Privilege_Escalation.php"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-12-07 11:46
Modified
2024-11-21 00:39
Severity ?
Summary
Unspecified vulnerability in avast! 4 Home and Professional Editions before 4.7.1098 allows remote attackers to have an unknown impact via a crafted TAR archive.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avast | avast_antivirus_home | 4.0 | |
| avast | avast_antivirus_home | 4.6 | |
| avast | avast_antivirus_home | 4.6.652 | |
| avast | avast_antivirus_home | 4.6.655 | |
| avast | avast_antivirus_home | 4.6.665 | |
| avast | avast_antivirus_home | 4.6.691 | |
| avast | avast_antivirus_home | 4.7.827 | |
| avast | avast_antivirus_home | 4.7.844 | |
| avast | avast_antivirus_home | 4.7.869 | |
| avast | avast_antivirus_home | 4.7.1043 | |
| avast | avast_antivirus_professional | 4.0 | |
| avast | avast_antivirus_professional | 4.6 | |
| avast | avast_antivirus_professional | 4.6.603 | |
| avast | avast_antivirus_professional | 4.6.652 | |
| avast | avast_antivirus_professional | 4.6.665 | |
| avast | avast_antivirus_professional | 4.6.691 | |
| avast | avast_antivirus_professional | 4.7.827 | |
| avast | avast_antivirus_professional | 4.7.844 | |
| avast | avast_antivirus_professional | 4.7.1043 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1519A450-8F71-408A-81B8-AA6F337E7A25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "48872452-2B26-44C4-A9FF-0D9D23AAC95A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.6.652:*:*:*:*:*:*:*",
"matchCriteriaId": "275D7948-61FB-4415-A9EB-59EEF9757149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.6.655:*:*:*:*:*:*:*",
"matchCriteriaId": "5CCC4081-D877-4DE3-9342-59BCE7C41CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.6.665:*:*:*:*:*:*:*",
"matchCriteriaId": "B189DFCB-2307-43B4-8102-BA725CEE0711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.6.691:*:*:*:*:*:*:*",
"matchCriteriaId": "3C733E69-33B3-465B-B146-A68C26373E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.827:*:*:*:*:*:*:*",
"matchCriteriaId": "2EF16A3D-BC29-4426-BDF5-F1C6E85228B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.844:*:*:*:*:*:*:*",
"matchCriteriaId": "E02983BB-F027-4967-A230-933299D2D061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.869:*:*:*:*:*:*:*",
"matchCriteriaId": "238FB2B1-41CF-46DB-8ED7-7F2B6609C27D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.1043:*:*:*:*:*:*:*",
"matchCriteriaId": "97FEA351-FFF6-4452-9A2B-A7AAF4D7EE20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "231DDF5E-5026-4844-8374-45F0926F8C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8822D55C-FEE7-41B5-A8D5-8D9F514CF815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.6.603:*:*:*:*:*:*:*",
"matchCriteriaId": "B89C0CA4-00DE-4CAD-B554-36C46815A919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.6.652:*:*:*:*:*:*:*",
"matchCriteriaId": "A618B922-80E7-4769-90BA-5FE231DA6B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.6.665:*:*:*:*:*:*:*",
"matchCriteriaId": "40F19B83-BAD9-4CDC-95C5-6D352F223AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.6.691:*:*:*:*:*:*:*",
"matchCriteriaId": "762B6C23-5ADD-4221-8146-DF9CE95637BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.7.827:*:*:*:*:*:*:*",
"matchCriteriaId": "2F3B1651-DC3E-43B8-A5A4-8BEF7D668EEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.7.844:*:*:*:*:*:*:*",
"matchCriteriaId": "3D0980CA-26A4-468E-82F3-E03953250343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.7.1043:*:*:*:*:*:*:*",
"matchCriteriaId": "FB0EF168-1F0D-4772-8922-0A75CAF28661",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in avast! 4 Home and Professional Editions before 4.7.1098 allows remote attackers to have an unknown impact via a crafted TAR archive."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en avast! 4, ediciones Home y Professional, en versiones anteriores a la 4.7.1098. Permite que atacantes remotos provoquen un impacto desconocido usando un archivo TAR manipulado."
}
],
"id": "CVE-2007-6265",
"lastModified": "2024-11-21T00:39:44.003",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-12-07T11:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27929"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.avast.com/eng/avast-4-home_pro-revision-history.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/26702"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/4097"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38877"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27929"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.avast.com/eng/avast-4-home_pro-revision-history.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/26702"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/4097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38877"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-04-02 17:44
Modified
2024-11-21 00:44
Severity ?
Summary
aavmker4.sys in avast! Home and Professional 4.7 for Windows does not properly validate input to IOCTL 0xb2d60030, which allows local users to gain privileges via certain IOCTL requests.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avast | avast_antivirus_home | 4.7.827 | |
| avast | avast_antivirus_home | 4.7.844 | |
| avast | avast_antivirus_home | 4.7.869 | |
| avast | avast_antivirus_home | 4.7.1043 | |
| avast | avast_antivirus_home | 4.7.1098 | |
| avast | avast_antivirus_professional | 4.7.827 | |
| avast | avast_antivirus_professional | 4.7.844 | |
| avast | avast_antivirus_professional | 4.7.1043 | |
| avast | avast_antivirus_professional | 4.7.1098 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.827:*:windows:*:*:*:*:*",
"matchCriteriaId": "33A71A2C-36AC-4F36-9D94-AA824F4DE14C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.844:*:windows:*:*:*:*:*",
"matchCriteriaId": "62618C12-3EAC-4434-B2A8-D83612F1A05C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.869:*:windows:*:*:*:*:*",
"matchCriteriaId": "B949535B-9771-4AC6-BBDB-8BB3A789A1FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.1043:*:windows:*:*:*:*:*",
"matchCriteriaId": "DC6DA89A-BF71-4031-9B51-E5941FDE5E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.1098:*:windows:*:*:*:*:*",
"matchCriteriaId": "DB201D49-EB74-4A5D-B641-86C4429E3EC0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.7.827:*:windows:*:*:*:*:*",
"matchCriteriaId": "DF2D8C10-01E4-43D7-93EE-342BA7E9C489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.7.844:*:windows:*:*:*:*:*",
"matchCriteriaId": "AAB7888A-E884-4C73-AF10-698C56E080F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.7.1043:*:windows:*:*:*:*:*",
"matchCriteriaId": "1F7F2957-4422-4891-B573-F68882D7C8E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.7.1098:*:windows:*:*:*:*:*",
"matchCriteriaId": "FC6DE028-27FD-40D7-AD12-F3C648B445E3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "aavmker4.sys in avast! Home and Professional 4.7 for Windows does not properly validate input to IOCTL 0xb2d60030, which allows local users to gain privileges via certain IOCTL requests."
},
{
"lang": "es",
"value": "aavmker4.sys en avast! Home y Professional 4.7 para Windows, no valida de forma correcta la entrada a IOCTL 0xb2d60030, esto permite a usuarios locales obtener privilegios a trav\u00e9s de cierta solicitud IOCTL."
}
],
"id": "CVE-2008-1625",
"lastModified": "2024-11-21T00:44:57.117",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-04-02T17:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29605"
},
{
"source": "cve@mitre.org",
"url": "http://www.avast.com/eng/avast-4-home_pro-revision-history.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/490321/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28502"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019732"
},
{
"source": "cve@mitre.org",
"url": "http://www.trapkit.de/advisories/TKADV2008-002.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1034/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41527"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.avast.com/eng/avast-4-home_pro-revision-history.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/490321/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28502"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019732"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trapkit.de/advisories/TKADV2008-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1034/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41527"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-02-25 18:30
Modified
2024-11-21 01:12
Severity ?
Summary
Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 running on Windows 2000 and XP does not properly validate input to IOCTL 0xb2d60030, which allows local users to cause a denial of service (system crash) or execute arbitrary code to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:*:*:windows:*:*:*:*:*",
"matchCriteriaId": "1CEB7AA8-9B1C-497F-89E7-B5E9AC2A71D6",
"versionEndIncluding": "5.0.396.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1169:*:windows:*:*:*:*:*",
"matchCriteriaId": "D8C4E148-EAD0-433C-B0C3-3124B0288CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1195:*:windows:*:*:*:*:*",
"matchCriteriaId": "1867FC4C-01BC-4FA1-B33F-66CE7D4AD9B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1201:*:windows:*:*:*:*:*",
"matchCriteriaId": "79057030-D57C-4DAC-B9F9-FE2CED222481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1227:*:windows:*:*:*:*:*",
"matchCriteriaId": "8CE03B00-0277-4738-8DA6-AFD09830B0DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1229:*:windows:*:*:*:*:*",
"matchCriteriaId": "921BC39F-E4EC-4B4C-BC7D-8002B7C3A85A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1282:*:windows:*:*:*:*:*",
"matchCriteriaId": "B03B958E-8FAA-48E4-BD0D-3577B7150284",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1290:*:windows:*:*:*:*:*",
"matchCriteriaId": "36902F71-4215-40B5-93B5-75A5634D4501",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1296:*:windows:*:*:*:*:*",
"matchCriteriaId": "0F087F04-EF9C-43F0-95F0-36AD5182F02B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1335:*:windows:*:*:*:*:*",
"matchCriteriaId": "1757311C-A432-4056-A480-12713E4E0024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1351:*:windows:*:*:*:*:*",
"matchCriteriaId": "BC6D7AC9-3351-4AE7-B2E3-00AD7C7B2E2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1368.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "B660EA03-1E06-4C97-A695-B2BD668BC7E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:*:*:windows:*:*:*:*:*",
"matchCriteriaId": "D175167F-E8B0-4682-81AB-2D6B94FABC58",
"versionEndIncluding": "5.0.396.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1169:*:windows:*:*:*:*:*",
"matchCriteriaId": "FC35E740-8BE7-4479-B684-6E304204B358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1195:*:windows:*:*:*:*:*",
"matchCriteriaId": "083372F2-D738-4698-97CF-F71748BE4877",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1201:*:windows:*:*:*:*:*",
"matchCriteriaId": "38BAD92D-F9D8-4295-B9BD-FFB354937ED4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1227:*:windows:*:*:*:*:*",
"matchCriteriaId": "0348CFA9-6DC0-4FCE-B6B8-3D0D9086471F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1229:*:windows:*:*:*:*:*",
"matchCriteriaId": "03B69989-B458-4624-B40F-37A7FCD11BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1282:*:windows:*:*:*:*:*",
"matchCriteriaId": "FA7CEE2D-C92B-45A9-89F0-42A7DFAA7DD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1290:*:windows:*:*:*:*:*",
"matchCriteriaId": "FDCB885F-8175-41B3-A6A6-1A9A3A239548",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1296:*:windows:*:*:*:*:*",
"matchCriteriaId": "82039FC7-19D9-471C-A781-87D4CCE807CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1335:*:windows:*:*:*:*:*",
"matchCriteriaId": "B6D8AF4B-27E2-4A7B-A474-AF453F6A22F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1351:*:windows:*:*:*:*:*",
"matchCriteriaId": "F398BFA7-75F1-49C5-A306-820C77EEBAE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1356.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A119A362-47B2-4798-9BDF-75AB46242877",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1368.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "B8EE159F-580F-4C8E-B2EC-C01E8930B41A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 running on Windows 2000 and XP does not properly validate input to IOCTL 0xb2d60030, which allows local users to cause a denial of service (system crash) or execute arbitrary code to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption."
},
{
"lang": "es",
"value": "Aavmker4.sys en avast! desde v4.8 hasta v4.8.1368.0 y v5.0 anteriores a v5.0.418.0 corriendo sobre Windows 2000 o XP, no valida adecuadamente una entrada a IOCTL 0xb2d60030, lo que permite a usuarios locales producir una denegaci\u00f3n de servicio (ca\u00edda del sistema) o ejecutar c\u00f3digo arbitrario para ganar privilegios a trav\u00e9s de peticiones IOCTL utilizando direcciones de kernel manipuladas que inician una corrupci\u00f3n de memoria."
}
],
"id": "CVE-2010-0705",
"lastModified": "2024-11-21T01:12:47.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-02-25T18:30:00.377",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://forum.avast.com/index.php?topic=55484.0"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/62510"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38677"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38689"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/509710/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/38363"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1023644"
},
{
"source": "cve@mitre.org",
"url": "http://www.trapkit.de/advisories/TKADV2010-003.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0449"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://forum.avast.com/index.php?topic=55484.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/62510"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38677"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38689"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/509710/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023644"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trapkit.de/advisories/TKADV2010-003.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0449"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-10-01 17:00
Modified
2024-11-21 01:07
Severity ?
Summary
Unspecified vulnerability in ashWsFtr.dll in avast! Home and Professional for Windows before 4.8.1356 has unknown impact and local attack vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:*:*:windows:*:*:*:*:*",
"matchCriteriaId": "C47AF58C-5BC9-40EC-98F6-48E1B645F4C6",
"versionEndIncluding": "4.8.1351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.827:*:windows:*:*:*:*:*",
"matchCriteriaId": "33A71A2C-36AC-4F36-9D94-AA824F4DE14C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.844:*:windows:*:*:*:*:*",
"matchCriteriaId": "62618C12-3EAC-4434-B2A8-D83612F1A05C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.869:*:windows:*:*:*:*:*",
"matchCriteriaId": "B949535B-9771-4AC6-BBDB-8BB3A789A1FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.1043:*:windows:*:*:*:*:*",
"matchCriteriaId": "DC6DA89A-BF71-4031-9B51-E5941FDE5E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.1098:*:windows:*:*:*:*:*",
"matchCriteriaId": "DB201D49-EB74-4A5D-B641-86C4429E3EC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1169:*:windows:*:*:*:*:*",
"matchCriteriaId": "D8C4E148-EAD0-433C-B0C3-3124B0288CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1195:*:windows:*:*:*:*:*",
"matchCriteriaId": "1867FC4C-01BC-4FA1-B33F-66CE7D4AD9B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1201:*:windows:*:*:*:*:*",
"matchCriteriaId": "79057030-D57C-4DAC-B9F9-FE2CED222481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1227:*:windows:*:*:*:*:*",
"matchCriteriaId": "8CE03B00-0277-4738-8DA6-AFD09830B0DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1229:*:windows:*:*:*:*:*",
"matchCriteriaId": "921BC39F-E4EC-4B4C-BC7D-8002B7C3A85A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1282:*:windows:*:*:*:*:*",
"matchCriteriaId": "B03B958E-8FAA-48E4-BD0D-3577B7150284",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1290:*:windows:*:*:*:*:*",
"matchCriteriaId": "36902F71-4215-40B5-93B5-75A5634D4501",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1296:*:windows:*:*:*:*:*",
"matchCriteriaId": "0F087F04-EF9C-43F0-95F0-36AD5182F02B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1335:*:windows:*:*:*:*:*",
"matchCriteriaId": "1757311C-A432-4056-A480-12713E4E0024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:*:*:windows:*:*:*:*:*",
"matchCriteriaId": "2C19547C-2369-4228-80CF-0A07735ED6AC",
"versionEndIncluding": "4.8.1351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.7.827:*:windows:*:*:*:*:*",
"matchCriteriaId": "DF2D8C10-01E4-43D7-93EE-342BA7E9C489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.7.844:*:windows:*:*:*:*:*",
"matchCriteriaId": "AAB7888A-E884-4C73-AF10-698C56E080F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.7.1043:*:windows:*:*:*:*:*",
"matchCriteriaId": "1F7F2957-4422-4891-B573-F68882D7C8E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.7.1098:*:windows:*:*:*:*:*",
"matchCriteriaId": "FC6DE028-27FD-40D7-AD12-F3C648B445E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1169:*:windows:*:*:*:*:*",
"matchCriteriaId": "FC35E740-8BE7-4479-B684-6E304204B358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1195:*:windows:*:*:*:*:*",
"matchCriteriaId": "083372F2-D738-4698-97CF-F71748BE4877",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1201:*:windows:*:*:*:*:*",
"matchCriteriaId": "38BAD92D-F9D8-4295-B9BD-FFB354937ED4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1227:*:windows:*:*:*:*:*",
"matchCriteriaId": "0348CFA9-6DC0-4FCE-B6B8-3D0D9086471F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1229:*:windows:*:*:*:*:*",
"matchCriteriaId": "03B69989-B458-4624-B40F-37A7FCD11BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1282:*:windows:*:*:*:*:*",
"matchCriteriaId": "FA7CEE2D-C92B-45A9-89F0-42A7DFAA7DD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1290:*:windows:*:*:*:*:*",
"matchCriteriaId": "FDCB885F-8175-41B3-A6A6-1A9A3A239548",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1296:*:windows:*:*:*:*:*",
"matchCriteriaId": "82039FC7-19D9-471C-A781-87D4CCE807CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1335:*:windows:*:*:*:*:*",
"matchCriteriaId": "B6D8AF4B-27E2-4A7B-A474-AF453F6A22F3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in ashWsFtr.dll in avast! Home and Professional for Windows before 4.8.1356 has unknown impact and local attack vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad inesperada en ashWsFtr.dll en avast! Home y Professional para Windows anterior v4.8.1356 tiene un impacto y vectores de ataque no especificados."
}
],
"id": "CVE-2009-3524",
"lastModified": "2024-11-21T01:07:34.603",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-10-01T17:00:00.297",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/58403"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36858"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.avast.com/eng/avast-4-home_pro-revision-history.html"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6509"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/58403"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36858"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.avast.com/eng/avast-4-home_pro-revision-history.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6509"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-05-09 01:19
Modified
2024-11-21 00:28
Severity ?
Summary
unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:amavis:amavis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64AF6FAE-B025-4F70-9F52-C7C12C6F705D",
"versionEndIncluding": "2.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC3BF13-2946-411E-93A5-0C3AF0508C60",
"versionEndIncluding": "4.7.980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus:4.6.394:*:*:*:*:*:*:*",
"matchCriteriaId": "8683D747-C092-4841-AABF-280D7EB771F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus:4.7.652:*:*:*:*:*:*:*",
"matchCriteriaId": "D393356E-0464-41B6-9D56-2DCFC6900244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus:4.7.700:*:*:*:*:*:*:*",
"matchCriteriaId": "0ED7C89E-E28B-4BE9-952D-86A8D089B41D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1519A450-8F71-408A-81B8-AA6F337E7A25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "48872452-2B26-44C4-A9FF-0D9D23AAC95A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.6.652:*:*:*:*:*:*:*",
"matchCriteriaId": "275D7948-61FB-4415-A9EB-59EEF9757149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.6.655:*:*:*:*:*:*:*",
"matchCriteriaId": "5CCC4081-D877-4DE3-9342-59BCE7C41CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.6.665:*:*:*:*:*:*:*",
"matchCriteriaId": "B189DFCB-2307-43B4-8102-BA725CEE0711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.6.691:*:*:*:*:*:*:*",
"matchCriteriaId": "3C733E69-33B3-465B-B146-A68C26373E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.827:*:*:*:*:*:*:*",
"matchCriteriaId": "2EF16A3D-BC29-4426-BDF5-F1C6E85228B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.827:*:windows:*:*:*:*:*",
"matchCriteriaId": "33A71A2C-36AC-4F36-9D94-AA824F4DE14C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.844:*:*:*:*:*:*:*",
"matchCriteriaId": "E02983BB-F027-4967-A230-933299D2D061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.844:*:windows:*:*:*:*:*",
"matchCriteriaId": "62618C12-3EAC-4434-B2A8-D83612F1A05C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.869:*:*:*:*:*:*:*",
"matchCriteriaId": "238FB2B1-41CF-46DB-8ED7-7F2B6609C27D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.869:*:windows:*:*:*:*:*",
"matchCriteriaId": "B949535B-9771-4AC6-BBDB-8BB3A789A1FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.1043:*:*:*:*:*:*:*",
"matchCriteriaId": "97FEA351-FFF6-4452-9A2B-A7AAF4D7EE20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.1043:*:windows:*:*:*:*:*",
"matchCriteriaId": "DC6DA89A-BF71-4031-9B51-E5941FDE5E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.1098:*:*:*:*:*:*:*",
"matchCriteriaId": "18837F1C-8ECD-4202-9489-08D63FB28CDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.1098:*:windows:*:*:*:*:*",
"matchCriteriaId": "DB201D49-EB74-4A5D-B641-86C4429E3EC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "231DDF5E-5026-4844-8374-45F0926F8C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8822D55C-FEE7-41B5-A8D5-8D9F514CF815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.6.603:*:*:*:*:*:*:*",
"matchCriteriaId": "B89C0CA4-00DE-4CAD-B554-36C46815A919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.6.652:*:*:*:*:*:*:*",
"matchCriteriaId": "A618B922-80E7-4769-90BA-5FE231DA6B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.6.665:*:*:*:*:*:*:*",
"matchCriteriaId": "40F19B83-BAD9-4CDC-95C5-6D352F223AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.6.691:*:*:*:*:*:*:*",
"matchCriteriaId": "762B6C23-5ADD-4221-8146-DF9CE95637BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.7.827:*:*:*:*:*:*:*",
"matchCriteriaId": "2F3B1651-DC3E-43B8-A5A4-8BEF7D668EEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.7.827:*:windows:*:*:*:*:*",
"matchCriteriaId": "DF2D8C10-01E4-43D7-93EE-342BA7E9C489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.7.844:*:*:*:*:*:*:*",
"matchCriteriaId": "3D0980CA-26A4-468E-82F3-E03953250343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.7.844:*:windows:*:*:*:*:*",
"matchCriteriaId": "AAB7888A-E884-4C73-AF10-698C56E080F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.7.869:*:*:*:*:*:*:*",
"matchCriteriaId": "FF5B2325-D8EE-4D1E-8291-740726FC1EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.7.1043:*:*:*:*:*:*:*",
"matchCriteriaId": "FB0EF168-1F0D-4772-8922-0A75CAF28661",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.7.1043:*:windows:*:*:*:*:*",
"matchCriteriaId": "1F7F2957-4422-4891-B573-F68882D7C8E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.7.1098:*:*:*:*:*:*:*",
"matchCriteriaId": "5CAED694-2497-488B-A2AB-0781501678F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avira:antivir:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDD00670-7EC0-4AA4-98EF-C8AE38330284",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avira:antivir:6.35.00.00:*:*:*:*:*:*:*",
"matchCriteriaId": "C23C179C-B50E-4F47-BFFA-85848131C99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avira:antivir:7.04.00.23:*:*:*:*:*:*:*",
"matchCriteriaId": "5C813AD8-5D73-41DF-B710-3CEB20FB9EF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avira:antivir_personal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B38A75AF-D8B4-4B54-87E9-6EED562CAAC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avira:antivir_personal:*:*:classic:*:*:*:*:*",
"matchCriteriaId": "5DB520B5-36E8-4F4B-99FF-0FF3F708CC8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avira:antivir_personal:*:*:premium:*:*:*:*:*",
"matchCriteriaId": "BECD1C6B-EC0F-4203-BA12-F8B02472FF4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avira:antivir_personal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD267D52-D580-4460-AFF9-E5BA478A98FA",
"versionEndIncluding": "7.3.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avira:antivir_personal:7:*:*:*:*:*:*:*",
"matchCriteriaId": "64D94528-A54F-439B-8584-57A82CDF7318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avira:antivir_personal:7:*:classic:*:*:*:*:*",
"matchCriteriaId": "DB66A5A4-6758-438D-9155-7475A5406DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:panda:panda_antivirus:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "A9F9AF4F-E974-4D6F-AF51-0DA7A59E64FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:panda:panda_antivirus_and_firewall:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "C4DBEED1-0648-45F3-AFC2-91C872A1B098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:picozip:picozip:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AD36471-D8DC-4B11-B53B-264AB1560063",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rahul_dhesi:zoo:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79845C9F-7884-4F77-B492-4A944D3DCCEA",
"versionEndIncluding": "2.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unzoo:unzoo:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B93C2E82-03E5-42CE-A589-B82FBCBE7D52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:winace:winace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF7B6EE8-25D5-4C89-A0B8-A069D330A9D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D03D666-D234-4626-82F9-EC5726BE1920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:model_100:*:*:*:*:*:*:*",
"matchCriteriaId": "D0BEEFB2-C6ED-43D5-B535-623931C38890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:model_200:*:*:*:*:*:*:*",
"matchCriteriaId": "C2ECF7F8-A29F-4868-9DE5-4227E5DA2285",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:model_300:*:*:*:*:*:*:*",
"matchCriteriaId": "6A897043-9003-4F27-8C7D-AE6B2BD0389C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:model_400:*:*:*:*:*:*:*",
"matchCriteriaId": "1F05FEF8-6B34-4874-AD6B-A053415BD939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:model_500:*:*:*:*:*:*:*",
"matchCriteriaId": "D28FAD61-3723-4CCC-B890-C5869E7AC3EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:model_600:*:*:*:*:*:*:*",
"matchCriteriaId": "7697AAC2-EC8A-496E-9336-29AAE61CD69E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:model_800:*:*:*:*:*:*:*",
"matchCriteriaId": "BAA47F3A-44BA-4011-8A44-1AE54D02E772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:model_900:*:*:*:*:*:*:*",
"matchCriteriaId": "423620AD-EA6A-4730-B97A-DF67247372BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file."
},
{
"lang": "es",
"value": "El archivo unzoo.c, tal como se utiliza en varios productos, incluyendo AMaViS versi\u00f3n 2.4.1 y anteriores, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bucle infinito) por medio de un archivo ZOO con una estructura direntry que apunta hacia un archivo anterior."
}
],
"evaluatorSolution": "http://xforce.iss.net/xforce/xfdb/34080\r\n\r\n\r\nFor Barracuda Spam Firewall:\r\nUpgrade to the latest virus definition version of Barracuda Spam Firewall (virusdef 2.0.6399 for 3.4 and after or virusdef 2.0.6399o for prior to 3.4), available from the automatic update.\r\n\r\nFor Panda Software Antivirus:\r\nUpgrade to the latest version of Panda Software Antivirus (4/2/2007 or later), available from the automatic update feature.\r\n\r\nFor avast! antivirus:\r\nUpgrade to the latest version of Panda Software Antivirus (4.7.981 or later), available from the avast! antivirus Web site. See references.\r\n\r\nFor Avira AntiVir:\r\nUpgrade to the latest version of Avira AntiVir (avpack32.dll version 7.3.0.6 or later), available from the automatic update feature.\r\n\r\nFor AMaViS:\r\nRefer to ASA-2007-2 for patch, upgrade, or suggested workaround information. See References.",
"id": "CVE-2007-1673",
"lastModified": "2024-11-21T00:28:54.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-05-09T01:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/36208"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25315"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/2680"
},
{
"source": "cve@mitre.org",
"url": "http://www.amavis.org/security/asa-2007-2.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/467646/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/23823"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34080"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/36208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25315"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/2680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.amavis.org/security/asa-2007-2.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/467646/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/23823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34080"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}