CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2015-8578
https://notcve.org/view.php?id=CVE-2015-8578
AVG Internet Security 2015 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors. AVG Internet Security 2015 asigna la memoria con permisos Read, Write, Execute (RWX) en direcciones predecibles cuando está protegiendo procesos modo-usuario, lo que permite a atacantes eludir los mecanismos de protección DEP y ASLR a través de vectores no especificados. • http://blog.ensilo.com/the-av-vulnerability-that-bypasses-mitigations http://breakingmalware.com/vulnerabilities/sedating-watchdog-abusing-security-products-bypass-mitigations http://breakingmalware.com/vulnerabilities/vulnerability-patching-learning-from-avg-on-doing-it-right http://www.securityfocus.com/bid/78813 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 3CVE-2014-9632 – AVG Internet Security 2015.0.5315 - Arbitrary Write Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-9632
The TDI driver (avgtdix.sys) in AVG Internet Security before 2013.3495 Hot Fix 18 and 2015.x before 2015.5315 and Protection before 2015.5315 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x830020f8 IOCTL call. El controlador TDI (avgtdix.sys) en AVG Internet Security anterior a 2013.3495 Hot Fix 18 y 2015.x anterior a 2015.5315 y Protection anterior a 2015.5315 permite a usuarios locales escribir a localizaciones de memoria arbitrarias, y como consecuencia ganar privilegios, a través de una llamada 0x830020f8 IOCTL manipulada. AVG Internet Security 2015 suffers from an arbitrary write privilege escalation vulnerability. • https://www.exploit-db.com/exploits/35993 http://packetstormsecurity.com/files/130248/AVG-Internet-Security-2015.0.5315-Privilege-Escalation.html http://www.avg.com/eu-en/avg-release-notes http://www.exploit-db.com/exploits/35993 http://www.greyhathacker.net/?p=818 http://www.osvdb.org/113824 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 4CVE-2014-9642 – BullGuard (Multiple Products) - Arbitrary Write Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-9642
bdagent.sys in BullGuard Antivirus, Internet Security, Premium Protection, and Online Backup before 15.0.288 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x0022405c IOCTL call. bdagent.sys en BullGuard Antivirus, Internet Security, Premium Protection, y Online Backup anterior a 15.0.288 permite a usuarios locales escribir datos a localizaciones de memoria arbitrarias, y como consecuencia ganar privilegios, a través de una llamada IOCTL 0x0022405c manipulada. Multiple products from BullGuard suffer from an arbitrary write privilege escalation vulnerability. • https://www.exploit-db.com/exploits/35994 http://packetstormsecurity.com/files/130247/BullGuard-14.1.285.4-Privilege-Escalation.html http://www.bullguard.com/about/release-notes.aspx http://www.exploit-db.com/exploits/35994 http://www.greyhathacker.net/?p=818 http://www.osvdb.org/114478 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2010-5152
https://notcve.org/view.php?id=CVE-2010-5152
Race condition in AVG Internet Security 9.0.791 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute ** EN DISPUTA ** Condición de Carrera en AVG Internet Security v9.0.791 para Windows XP permite a usuarios locales eludir los manejadores de hooks a nivel de kernel, y ejecutar código peligroso que de otra manera sería bloqueada por el manejador y no por una detección basada en firma de malware. Esto se consigue a través de ciertos cambios en la memoria de espacio de usuario durante la ejecución del manejador de hooks. Se trata de un problema también conocido como un ataque argument-switch o un ataque KHOBE. NOTA: este problema es discutido por algunos, ya que es un defecto en un mecanismo de protección para situaciones en las que un programa hecho a mano ya ha comenzado a ejecutarse. • http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php http://www.f-secure.com/weblog/archives/00001949.html http://www.osvdb.org/67660 http://www.securit • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2012-0321
https://notcve.org/view.php?id=CVE-2012-0321
Unspecified vulnerability in the device driver in Kingsoft Internet Security 2011 allows local users to cause a denial of service via a crafted application. Vulnerabilidad sin especificar en el controlador Kingsoft Internet Security 2011 permite a atacantes remotos provocar una denegación de servicio a través de una aplicación modificada. • http://jvn.jp/en/jp/JVN31517714/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2012-000019 http://www.kingsoft.jp/support/security/support_news/supportnews_20120229 •