CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2017-5567
https://notcve.org/view.php?id=CVE-2017-5567
21 Mar 2017 — Code injection vulnerability in Avast Premier 12.3 (and earlier), Internet Security 12.3 (and earlier), Pro Antivirus 12.3 (and earlier), and Free Antivirus 12.3 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Avast process via a "DoubleAgent" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider... • http://cybellum.com/doubleagent-taking-full-control-antivirus • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.5EPSS: 0%CPEs: 42EXPL: 0CVE-2016-4025 – Avast! Sandbox Escape
https://notcve.org/view.php?id=CVE-2016-4025
19 Apr 2016 — Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security v11.x.x, Endpoint Protection v8.x.x, Endpoint Protection Plus v8.x.x, Endpoint Protection Suite v8.x.x, Endpoint Protection Suite Plus v8.x.x, File Server Security v8.x.x, and Email Server Security v8.x.x allow attackers to bypass the DeepScreen feature via a DeviceIoControl call. Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security ... • https://labs.nettitude.com/blog/escaping-avast-sandbox-using-single-ioctl-cve-2016-4025 • CWE-254: 7PK - Security Features •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 3CVE-2015-8620 – Avast 11.1.2245 Heap Overflow
https://notcve.org/view.php?id=CVE-2015-8620
21 Feb 2016 — Heap-based buffer overflow in the Avast virtualization driver (aswSnx.sys) in Avast Internet Security, Pro Antivirus, Premier, and Free Antivirus before 11.1.2253 allows local users to gain privileges via a Unicode file path in an IOCTL request. Desbordamiento de buffer basado en memoria dinámica en el controlador de virtualización de Avast (aswSnx.sys) en Avast Internet Security, Pro Antivirus, Premier y Free Antivirus en versiones anteriores a 11.1.2253 permite a usuarios locales obtener privilegios a tra... • http://packetstormsecurity.com/files/135859/Avast-11.1.2245-Heap-Overflow.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •