CVE-2009-2761
https://notcve.org/view.php?id=CVE-2009-2761
Unquoted Windows search path vulnerability in the scheduler (sched.exe) in Avira AntiVir, AntiVir Premium, Premium Security Suite, and AntiVir Professional might allow local users to gain privileges via a malicious antivir.exe file in the "C:\Program Files\avira\" directory. Vulnerabilidad de búsqueda de ruta no entrecomillada en Windows en el planificador (sched.exe) en Avira AntiVir, AntiVir Premium, Premium Security Suite y AntiVir Professional, podría permitir a usuarios locales elevar sus privilegios a través de un archivo antivir.exe malicioso en el directorio "C:\Program Files\avira\" ("C:\Archivos de Programa\avira\"). • http://archives.neohapsis.com/archives/bugtraq/2009-01/0146.html http://blog.zoller.lu/2009/01/tzo-2009-2-avira-antivir-priviledge.html http://www.osvdb.org/55647 http://www.vupen.com/english/advisories/2008/3130 https://exchange.xforce.ibmcloud.com/vulnerabilities/46568 •
CVE-2008-6962
https://notcve.org/view.php?id=CVE-2008-6962
Avira AntiVir Premium, Premium Security Suite, AntiVir Professional, and AntiVir Personal - FREE allows local users to execute arbitrary code via a crafted IOCTL request that overwrites a kernel pointer. Avira AntiVir Premium, Premium Security Suite, AntiVir Professional, y AntiVir Personal - FREE permite a los usuarios locales ejecutar arbitrariamente código a través de peticiones IOCTL manipuladas que sobreescriben un puntero al núcleo. • http://www.securityfocus.com/bid/32269 http://www.vupen.com/english/VUPEN-Security-Advisory-20081112.txt http://www.vupen.com/english/advisories/2008/3130 https://exchange.xforce.ibmcloud.com/vulnerabilities/46567 • CWE-20: Improper Input Validation •
CVE-2007-2974
https://notcve.org/view.php?id=CVE-2007-2974
Buffer overflow in the file parsing engine in Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to execute arbitrary code via a crafted LZH archive file, resulting from an "integer cast around." Desbordamiento de búfer en el motor de análisis sintáctico de ficheros en el Antivirus Avira Antivir anterior al 7.03.00.09 permite a atacantes remotos ejecutar código de su elección a través de un fichero LZH modificado, resultado de un "redondeo de conversión a entero". • http://forum.antivir-pe.de/thread.php?threadid=22528 http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063624.html http://osvdb.org/36712 http://secunia.com/advisories/25417 http://securityreason.com/securityalert/2764 http://securitytracker.com/id?1018131 http://www.nruns.com/advisories/%5Bn.runs-SA-2007.010%5D%20-%20Avira%20Antivir%20Antivirus%20LZH%20parsing%20Arbitrary%20Code%20Execution%20Advisory.txt http://www.securityfocus.com/archive/1/469805/100/0/threaded http://www •
CVE-2007-2973
https://notcve.org/view.php?id=CVE-2007-2973
Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed TAR archive. El Antivirus Avira Antivir anterior al 7.03.00.09 permite a atacantes remotos provocar una denegación de servicio (bucle infinito y agotamiento de CPU) a través de un archivo TAR mal formado. • http://forum.antivir-pe.de/thread.php?threadid=22528 http://osvdb.org/36711 http://secunia.com/advisories/25417 http://www.nruns.com/advisories/%5Bn.runs-SA-2007.012%5D%20-%20Avira%20Antivir%20Antivirus%20TAR%20parsing%20Infinite%20Loop%20Advisory.txt http://www.securityfocus.com/archive/1/470042/100/0/threaded http://www.securityfocus.com/bid/24187 http://www.securityfocus.com/bid/24239 http://www.securitytracker.com/id?1018137 http://www.vupen.com/english/advisories/2007/1971 •
CVE-2007-2972
https://notcve.org/view.php?id=CVE-2007-2972
The file parsing engine in Avira Antivir Antivirus before 7.04.00.24 allows remote attackers to cause a denial of service (application crash) via a crafted UPX compressed file, which triggers a divide-by-zero error. El motor de análisis sintáctico de ficheros del Avira Antivir Antivirus anterior al 7.04.00.24 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un fichero comprimido UPX manipulado, lo que dispara un error de "división por cero". • http://forum.antivir-pe.de/thread.php?threadid=22528 http://marc.info/?l=full-disclosure&m=118040810718045&w=2 http://osvdb.org/36710 http://secunia.com/advisories/25417 http://www.nruns.com/advisories/%5Bn.runs-SA-2007.011%5D%20-%20Avira%20Antivir%20Antivirus%20UPX%20parsing%20Divide%20by%20Zero%20Advisory.txt http://www.securityfocus.com/archive/1/469880/100/0/threaded http://www.securityfocus.com/bid/24187 http://www.securitytracker.com/id?1018132 http://www.vupen.com/e •