CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-4173 – Avast and AVG Antivirus for Windows vulnerable to Privilege Escalation
https://notcve.org/view.php?id=CVE-2022-4173
05 Dec 2022 — A vulnerability within the malware removal functionality of Avast and AVG Antivirus allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avast and AVG Antivirus version 22.10. Una vulnerabilidad dentro de la funcionalidad de eliminación de malware de Avast y AVG Antivirus permitió a un atacante con acceso de escritura al sistema de archivos aumentar sus privilegios en ciertos escenarios. El problema se solucionó con Avast y AVG An... • https://support.norton.com/sp/static/external/tools/security-advisories.html • CWE-269: Improper Privilege Management •
CVSS: 9.3EPSS: 16%CPEs: 1EXPL: 2CVE-2016-3986 – Avast! - Authenticode Parsing Memory Corruption
https://notcve.org/view.php?id=CVE-2016-3986
08 Apr 2016 — Avast allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted PE file, related to authenticode parsing. Avast permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) y posiblemente ejecutar código arbitrario a través de un archivo PE manipulado, relacionado con la interpretación del authenticode. • https://www.exploit-db.com/exploits/39530 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 3CVE-2015-8620 – Avast 11.1.2245 Heap Overflow
https://notcve.org/view.php?id=CVE-2015-8620
21 Feb 2016 — Heap-based buffer overflow in the Avast virtualization driver (aswSnx.sys) in Avast Internet Security, Pro Antivirus, Premier, and Free Antivirus before 11.1.2253 allows local users to gain privileges via a Unicode file path in an IOCTL request. Desbordamiento de buffer basado en memoria dinámica en el controlador de virtualización de Avast (aswSnx.sys) en Avast Internet Security, Pro Antivirus, Premier y Free Antivirus en versiones anteriores a 11.1.2253 permite a usuarios locales obtener privilegios a tra... • http://packetstormsecurity.com/files/135859/Avast-11.1.2245-Heap-Overflow.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5662
https://notcve.org/view.php?id=CVE-2015-5662
18 Oct 2015 — Directory traversal vulnerability in Avast before 150918-0 allows remote attackers to delete or write to arbitrary files via a crafted entry in a ZIP archive. Vulnerabilidad de salto de directorio en Avast en versiones anteriores a 150918-0 permite a atacantes remotos borrar o escribir en archivos arbitrarios a través de una entrada manipulada en un archivo ZIP • http://jvn.jp/en/jp/JVN25576608/index.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 3CVE-2010-5075 – Avast! Internet Security 5.0 - 'aswFW.sys' Kernel Driver IOCTL Memory Pool Corruption
https://notcve.org/view.php?id=CVE-2010-5075
28 Dec 2014 — Integer overflow in aswFW.sys 5.0.594.0 in Avast! Internet Security 5.0 Korean Trial allows local users to cause a denial of service (memory corruption and panic) via a crafted IOCTL_ASWFW_COMM_PIDINFO_RESULTS DeviceIoControl request to \\.\aswFW. Desordamiento de enteros en aswFW.sys 5.0.594.0 en Avast! Internet Security 5.0 Korean Trial permitre a usuarios locales causar una denegación de servicio (corrupción de memoria y pánico) a través de una petición modificada de IOCTL_ASWFW_COMM_PIDINFO_RESULTS Devi... • https://www.exploit-db.com/exploits/14533 • CWE-189: Numeric Errors •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-0122
https://notcve.org/view.php?id=CVE-2013-0122
22 Apr 2013 — The avast! Mobile Security application before 2.0.4400 for Android allows attackers to cause a denial of service (application crash) via a crafted application that sends an intent to com.avast.android.mobilesecurity.app.scanner.DeleteFileActivity with zero arguments. La aplicación avast! Mobile Security anterior a v2.0.4400 para Android permite a atacantes provocar una denegación de servicio (bloqueo de la aplicación) mediante una aplicación especialmente diseñada que envía una intento a com.avast.android.m... • http://www.kb.cert.org/vuls/id/131263 • CWE-20: Improper Input Validation •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2010-5151
https://notcve.org/view.php?id=CVE-2010-5151
25 Aug 2012 — Race condition in avast! Internet Security 5.0.462 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has alread... • http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.3EPSS: 5%CPEs: 1EXPL: 2CVE-2010-3126 – Avast! 5.0.594 - 'mfc90loc.dll' License Files DLL Hijacking
https://notcve.org/view.php?id=CVE-2010-3126
26 Aug 2010 — Untrusted search path vulnerability in avast! Free Antivirus version 5.0.594 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc90loc.dll that is located in the same folder as an avast license (.avastlic) file. Vulnerabilidad de búsqueda en ruta no confiable en avast! Free Antivirus v5.0.594 y anteriores, permite a usuarios locales y posiblemente atacantes remotos, la ejecución de código de su elección y llevar a c... • https://www.exploit-db.com/exploits/14743 •
CVSS: 7.8EPSS: 0%CPEs: 27EXPL: 1CVE-2010-0705 – Avast! 4.7 - 'aavmker4.sys' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-0705
25 Feb 2010 — Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 running on Windows 2000 and XP does not properly validate input to IOCTL 0xb2d60030, which allows local users to cause a denial of service (system crash) or execute arbitrary code to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption. Aavmker4.sys en avast! desde v4.8 hasta v4.8.1368.0 y v5.0 anteriores a v5.0.418.0 corriendo sobre Windows 2000 o XP, no valida adecuadamente una entrada a IOCT... • https://www.exploit-db.com/exploits/12406 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 3CVE-2009-4049 – Avast! AntiVirus 4.8.1356 - 'aswRdr.sys' Driver Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-4049
23 Nov 2009 — Heap-based buffer overflow in aswRdr.sys (aka the TDI RDR driver) in avast! Home and Professional 4.8.1356.0 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted arguments to IOCTL 0x80002024. Desbordamiento de búfer basado en memoria dinámica (heap) en aswRdr.sys (también conocido como el controlador TDI RDR) en avast! Home y Professional v4.8.1356.0, permite a usuarios locales provocar una denegación de servicio (corrupción de memoria) o posiblemente ... • https://www.exploit-db.com/exploits/33360 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •