CVE-2015-8620
https://notcve.org/view.php?id=CVE-2015-8620
Heap-based buffer overflow in the Avast virtualization driver (aswSnx.sys) in Avast Internet Security, Pro Antivirus, Premier, and Free Antivirus before 11.1.2253 allows local users to gain privileges via a Unicode file path in an IOCTL request. Desbordamiento de buffer basado en memoria dinámica en el controlador de virtualización de Avast (aswSnx.sys) en Avast Internet Security, Pro Antivirus, Premier y Free Antivirus en versiones anteriores a 11.1.2253 permite a usuarios locales obtener privilegios a través de una ruta de archivo Unicode en una petición IOCTL. • http://packetstormsecurity.com/files/135859/Avast-11.1.2245-Heap-Overflow.html http://seclists.org/fulldisclosure/2016/Feb/94 http://www.securitytracker.com/id/1035093 https://www.nettitude.co.uk/exploiting-a-kernel-paged-pool-buffer-overflow-in-avast-virtualization-driver • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-5075 – Avast! Internet Security 5.0 - 'aswFW.sys' Kernel Driver IOCTL Memory Pool Corruption
https://notcve.org/view.php?id=CVE-2010-5075
Integer overflow in aswFW.sys 5.0.594.0 in Avast! Internet Security 5.0 Korean Trial allows local users to cause a denial of service (memory corruption and panic) via a crafted IOCTL_ASWFW_COMM_PIDINFO_RESULTS DeviceIoControl request to \\.\aswFW. Desordamiento de enteros en aswFW.sys 5.0.594.0 en Avast! Internet Security 5.0 Korean Trial permitre a usuarios locales causar una denegación de servicio (corrupción de memoria y pánico) a través de una petición modificada de IOCTL_ASWFW_COMM_PIDINFO_RESULTS DeviceIoControl a \\. • https://www.exploit-db.com/exploits/14533 http://www.securityfocus.com/bid/42148 http://x90c.blogspot.com/2011/11/avast-internet-security-aswfwsys-ioctl.html http://x90c.blogspot.com/2011/12/bid-42148-my-avast-kernel-driver-0day_01.html https://web.archive.org/web/20120228033302/http://www.x90c.org/advisories/avast_internet_security_5.0_memory_corruption_advisory.txt • CWE-189: Numeric Errors •
CVE-2010-5151
https://notcve.org/view.php?id=CVE-2010-5151
Race condition in avast! Internet Security 5.0.462 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute ** EN DISPUTA ** Condición de Carrera en avast! Internet Security v5.0.462 para Windows XP permite a usuarios locales eludir los manejadores de hooks a nivel de kernel, y ejecutar código peligroso que de otra manera sería bloqueada por el manejador y no por una detección basada en firma de malware. Esto se consigue a través de ciertos cambios en la memoria de espacio de usuario durante la ejecución del manejador de hooks. • http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php http://www.f-secure.com/weblog/archives/00001949.html http://www.osvdb.org/67660 http://www.securit • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •