CVE-2015-7303 – Avira Management Console Update Manager Service HTTP Header Use-After-Free Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2015-7303

Use-after-free vulnerability in the Update Manager service in Avira Management Console allows remote attackers to execute arbitrary code via a large header. Vulnerabilidad de uso después de liberación de memoria en el servicio Update Manager en Avira Management Console, permite a atacantes remotos ejecutar código arbitrario a través de una cabecera grande. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Avira Management Console. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP headers by the Update Manager service. By sending overly large headers, an attacker is able to cause memory to be reused after it has been released. • http://www.zerodayinitiative.com/advisories/ZDI-15-445 •