CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 3CVE-2015-8620 – Avast 11.1.2245 Heap Overflow
https://notcve.org/view.php?id=CVE-2015-8620
21 Feb 2016 — Heap-based buffer overflow in the Avast virtualization driver (aswSnx.sys) in Avast Internet Security, Pro Antivirus, Premier, and Free Antivirus before 11.1.2253 allows local users to gain privileges via a Unicode file path in an IOCTL request. Desbordamiento de buffer basado en memoria dinámica en el controlador de virtualización de Avast (aswSnx.sys) en Avast Internet Security, Pro Antivirus, Premier y Free Antivirus en versiones anteriores a 11.1.2253 permite a usuarios locales obtener privilegios a tra... • http://packetstormsecurity.com/files/135859/Avast-11.1.2245-Heap-Overflow.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 3CVE-2010-5075 – Avast! Internet Security 5.0 - 'aswFW.sys' Kernel Driver IOCTL Memory Pool Corruption
https://notcve.org/view.php?id=CVE-2010-5075
28 Dec 2014 — Integer overflow in aswFW.sys 5.0.594.0 in Avast! Internet Security 5.0 Korean Trial allows local users to cause a denial of service (memory corruption and panic) via a crafted IOCTL_ASWFW_COMM_PIDINFO_RESULTS DeviceIoControl request to \\.\aswFW. Desordamiento de enteros en aswFW.sys 5.0.594.0 en Avast! Internet Security 5.0 Korean Trial permitre a usuarios locales causar una denegación de servicio (corrupción de memoria y pánico) a través de una petición modificada de IOCTL_ASWFW_COMM_PIDINFO_RESULTS Devi... • https://www.exploit-db.com/exploits/14533 • CWE-189: Numeric Errors •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2010-5151
https://notcve.org/view.php?id=CVE-2010-5151
25 Aug 2012 — Race condition in avast! Internet Security 5.0.462 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has alread... • http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •