CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 3CVE-2009-3522 – Avast! 4.8.1351.0 AntiVirus - 'aswMon2.sys' Kernel Memory Corruption
https://notcve.org/view.php?id=CVE-2009-3522
Stack-based buffer overflow in aswMon2.sys in avast! Home and Professional for Windows 4.8.1351, and possibly other versions before 4.8.1356, allows local users to cause a denial of service (system crash) and possibly gain privileges via a crafted IOCTL request to IOCTL 0xb2c80018. Desbordamiento de búfer basado en pila en aswMon2.sys en avast! Home y Professional para Windows v4.8.1351, y probablemente otras versiones anteriores v4.8.1356, permite a usuarios locales causar una denegación de servicios (caída sistema) y probablemente obtener privilegios a través de peticiones IOCTL manipuladas en IOCTL 0xb2c80018. • https://www.exploit-db.com/exploits/10106 http://osvdb.org/58402 http://secunia.com/advisories/36858 http://www.avast.com/eng/avast-4-home_pro-revision-history.html http://www.securityfocus.com/archive/1/506681/100/0/threaded http://www.securityfocus.com/bid/36507 http://www.securitytracker.com/id?1022940 http://www.vupen.com/english/advisories/2009/2761 https://exchange.xforce.ibmcloud.com/vulnerabilities/53456 https://oval.cisecurity.org/repository/search/definition/oval%3Aor • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.9EPSS: 0%CPEs: 29EXPL: 2CVE-2009-3523 – Avast! 4.7 - 'aavmker4.sys' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-3523
aavmKer4.sys in avast! Home and Professional for Windows before 4.8.1356 does not properly validate input to IOCTLs (1) 0xb2d6000c and (2) 0xb2d60034, which allows local users to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption, a different vulnerability than CVE-2008-1625. aavmKer4.sys en avast! Home y Professional para Windows anterior v4.8.1356 no proporciona entradas validad en IOCTLs (1) 0xb2d6000c y (2) 0xb2d60034, que permite a usuarios locales obtener privilegios a través de peticiones IOCTL usando direcciones de kernel manipuladas que lanzan una caída de memoria, una vulnerabilidad diferente que CVE-2008-1625. • https://www.exploit-db.com/exploits/12406 http://secunia.com/advisories/36858 http://www.avast.com/eng/avast-4-home_pro-revision-history.html http://www.ntinternals.org/ntiadv0904/ntiadv0904.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6024 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 4%CPEs: 3EXPL: 0CVE-2008-6846
https://notcve.org/view.php?id=CVE-2008-6846
Multiple stack-based buffer overflows in avast! Linux Home Edition 1.0.5, 1.0.5-1, and 1.0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via a malformed (1) ISO or (2) RPM file. Múltiple desbordamiento de búfer basado en pila en avast! Linux Home Edition v1.0.5, v1.0.5-1, y v1.0.8 que permite a los atacantes remotos causar una denegación de servicio (caída de la aplicación) o ejecutar arbitrariamente código a través de ficheros malformados (1) ISO o (2) RPM. • http://osvdb.org/52016 http://www.ivizsecurity.com/security-advisory-iviz-sr-08013.html http://www.securityfocus.com/archive/1/499080/100/0/threaded http://www.securityfocus.com/bid/32747 http://www.vupen.com/english/advisories/2008/3460 https://exchange.xforce.ibmcloud.com/vulnerabilities/47251 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2008-5523
https://notcve.org/view.php?id=CVE-2008-5523
avast! antivirus 4.8.1281.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. avast! antivirus v4.8.1281.0, cuando se utiliza Internet Explorer 6 o 7, permite a atacantes remotos eludir la detección de malware en un documento HTML colocando una cabecera MZ (alias "EXE info") al principio, y modificar el nombre del archivo a (1 ) sin extensión, (2) una extensión. txt, o (3) una extensión .jpg, como lo demuestra un documento que contiene un exploit CVE-2006-5745. • http://securityreason.com/securityalert/4723 http://www.securityfocus.com/archive/1/498995/100/0/threaded http://www.securityfocus.com/archive/1/499043/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/47435 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 9EXPL: 1CVE-2008-1625 – Avast! 4.7 - 'aavmker4.sys' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2008-1625
aavmker4.sys in avast! Home and Professional 4.7 for Windows does not properly validate input to IOCTL 0xb2d60030, which allows local users to gain privileges via certain IOCTL requests. aavmker4.sys en avast! Home y Professional 4.7 para Windows, no valida de forma correcta la entrada a IOCTL 0xb2d60030, esto permite a usuarios locales obtener privilegios a través de cierta solicitud IOCTL. Avast! version 4.7 aavmker4.sys local privilege escalation vulnerability. • https://www.exploit-db.com/exploits/12406 http://secunia.com/advisories/29605 http://www.avast.com/eng/avast-4-home_pro-revision-history.html http://www.securityfocus.com/archive/1/490321/100/0/threaded http://www.securityfocus.com/bid/28502 http://www.securitytracker.com/id?1019732 http://www.trapkit.de/advisories/TKADV2008-002.txt http://www.vupen.com/english/advisories/2008/1034/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41527 • CWE-264: Permissions, Privileges, and Access Controls •