CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2017-6417
https://notcve.org/view.php?id=CVE-2017-6417
21 Mar 2017 — Code injection vulnerability in Avira Total Security Suite 15.0 (and earlier), Optimization Suite 15.0 (and earlier), Internet Security Suite 15.0 (and earlier), and Free Security Suite 15.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Avira process via a "DoubleAgent" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary ... • http://cybellum.com/doubleagent-taking-full-control-antivirus • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2009-0682
https://notcve.org/view.php?id=CVE-2009-0682
19 Aug 2009 — vetmonnt.sys in CA Internet Security Suite r3, vetmonnt.sys before 9.0.0.184 in Internet Security Suite r4, and vetmonnt.sys before 10.0.0.217 in Internet Security Suite r5 do not properly verify IOCTL calls, which allows local users to cause a denial of service (system crash) via a crafted call. vetmonnt.sys en CA Internet Security Suite r3, vetmonnt.sys anteriores a v9.0.0.184 en Internet Security Suite r4, y vetmonnt.sys anteriores a v10.0.0.217 en Internet Security Suite r5 no verifica adecuadamente las... • http://en.securitylab.ru/lab/PT-2009-05 • CWE-20: Improper Input Validation •