CVE-2009-3523
Avast! 4.7 - 'aavmker4.sys' Local Privilege Escalation
Severity Score
6.9
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
aavmKer4.sys in avast! Home and Professional for Windows before 4.8.1356 does not properly validate input to IOCTLs (1) 0xb2d6000c and (2) 0xb2d60034, which allows local users to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption, a different vulnerability than CVE-2008-1625.
aavmKer4.sys en avast! Home y Professional para Windows anterior v4.8.1356 no proporciona entradas validad en IOCTLs (1) 0xb2d6000c y (2) 0xb2d60034, que permite a usuarios locales obtener privilegios a través de peticiones IOCTL usando direcciones de kernel manipuladas que lanzan una caída de memoria, una vulnerabilidad diferente que CVE-2008-1625.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-10-01 CVE Reserved
- 2009-10-01 CVE Published
- 2010-04-27 First Exploit
- 2023-03-08 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.avast.com/eng/avast-4-home_pro-revision-history.html | X_refsource_confirm | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6024 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/12406 | 2010-04-27 | |
| http://www.ntinternals.org/ntiadv0904/ntiadv0904.html | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/36858 | 2017-09-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Avast Search vendor "Avast" | Avast Antivirus Home Search vendor "Avast" for product "Avast Antivirus Home" | <= 4.8.1351 Search vendor "Avast" for product "Avast Antivirus Home" and version " <= 4.8.1351" | windows |
Affected
| ||||||
| Avast Search vendor "Avast" | Avast Antivirus Home Search vendor "Avast" for product "Avast Antivirus Home" | 4.7.827 Search vendor "Avast" for product "Avast Antivirus Home" and version "4.7.827" | windows |
Affected
| ||||||
| Avast Search vendor "Avast" | Avast Antivirus Home Search vendor "Avast" for product "Avast Antivirus Home" | 4.7.844 Search vendor "Avast" for product "Avast Antivirus Home" and version "4.7.844" | windows |
Affected
| ||||||
| Avast Search vendor "Avast" | Avast Antivirus Home Search vendor "Avast" for product "Avast Antivirus Home" | 4.7.869 Search vendor "Avast" for product "Avast Antivirus Home" and version "4.7.869" | windows |
Affected
| ||||||
| Avast Search vendor "Avast" | Avast Antivirus Home Search vendor "Avast" for product "Avast Antivirus Home" | 4.7.1043 Search vendor "Avast" for product "Avast Antivirus Home" and version "4.7.1043" | windows |
Affected
| ||||||
| Avast Search vendor "Avast" | Avast Antivirus Home Search vendor "Avast" for product "Avast Antivirus Home" | 4.7.1098 Search vendor "Avast" for product "Avast Antivirus Home" and version "4.7.1098" | windows |
Affected
| ||||||
| Avast Search vendor "Avast" | Avast Antivirus Home Search vendor "Avast" for product "Avast Antivirus Home" | 4.8.1169 Search vendor "Avast" for product "Avast Antivirus Home" and version "4.8.1169" | windows |
Affected
| ||||||
| Avast Search vendor "Avast" | Avast Antivirus Home Search vendor "Avast" for product "Avast Antivirus Home" | 4.8.1195 Search vendor "Avast" for product "Avast Antivirus Home" and version "4.8.1195" | windows |
Affected
| ||||||
| Avast Search vendor "Avast" | Avast Antivirus Home Search vendor "Avast" for product "Avast Antivirus Home" | 4.8.1201 Search vendor "Avast" for product "Avast Antivirus Home" and version "4.8.1201" | windows |
Affected
| ||||||
| Avast Search vendor "Avast" | Avast Antivirus Home Search vendor "Avast" for product "Avast Antivirus Home" | 4.8.1227 Search vendor "Avast" for product "Avast Antivirus Home" and version "4.8.1227" | windows |
Affected
| ||||||
| Avast Search vendor "Avast" | Avast Antivirus Home Search vendor "Avast" for product "Avast Antivirus Home" | 4.8.1229 Search vendor "Avast" for product "Avast Antivirus Home" and version "4.8.1229" | windows |
Affected
| ||||||
| Avast Search vendor "Avast" | Avast Antivirus Home Search vendor "Avast" for product "Avast Antivirus Home" | 4.8.1282 Search vendor "Avast" for product "Avast Antivirus Home" and version "4.8.1282" | windows |
Affected
| ||||||
| Avast Search vendor "Avast" | Avast Antivirus Home Search vendor "Avast" for product "Avast Antivirus Home" | 4.8.1290 Search vendor "Avast" for product "Avast Antivirus Home" and version "4.8.1290" | windows |
Affected
| ||||||
| Avast Search vendor "Avast" | Avast Antivirus Home Search vendor "Avast" for product "Avast Antivirus Home" | 4.8.1296 Search vendor "Avast" for product "Avast Antivirus Home" and version "4.8.1296" | windows |
Affected
| ||||||
| Avast Search vendor "Avast" | Avast Antivirus Home Search vendor "Avast" for product "Avast Antivirus Home" | 4.8.1335 Search vendor "Avast" for product "Avast Antivirus Home" and version "4.8.1335" | windows |
Affected
| ||||||
| Avast Search vendor "Avast" | Avast Antivirus Professional Search vendor "Avast" for product "Avast Antivirus Professional" | <= 4.8.1351 Search vendor "Avast" for product "Avast Antivirus Professional" and version " <= 4.8.1351" | windows |
Affected
| ||||||
| Avast Search vendor "Avast" | Avast Antivirus Professional Search vendor "Avast" for product "Avast Antivirus Professional" | 4.7.827 Search vendor "Avast" for product "Avast Antivirus Professional" and version "4.7.827" | windows |
Affected
| ||||||
| Avast Search vendor "Avast" | Avast Antivirus Professional Search vendor "Avast" for product "Avast Antivirus Professional" | 4.7.844 Search vendor "Avast" for product "Avast Antivirus Professional" and version "4.7.844" | windows |
Affected
| ||||||
| Avast Search vendor "Avast" | Avast Antivirus Professional Search vendor "Avast" for product "Avast Antivirus Professional" | 4.7.1043 Search vendor "Avast" for product "Avast Antivirus Professional" and version "4.7.1043" | windows |
Affected
| ||||||
| Avast Search vendor "Avast" | Avast Antivirus Professional Search vendor "Avast" for product "Avast Antivirus Professional" | 4.7.1098 Search vendor "Avast" for product "Avast Antivirus Professional" and version "4.7.1098" | windows |
Affected
| ||||||
| Avast Search vendor "Avast" | Avast Antivirus Professional Search vendor "Avast" for product "Avast Antivirus Professional" | 4.8.1169 Search vendor "Avast" for product "Avast Antivirus Professional" and version "4.8.1169" | windows |
Affected
| ||||||
| Avast Search vendor "Avast" | Avast Antivirus Professional Search vendor "Avast" for product "Avast Antivirus Professional" | 4.8.1195 Search vendor "Avast" for product "Avast Antivirus Professional" and version "4.8.1195" | windows |
Affected
| ||||||
| Avast Search vendor "Avast" | Avast Antivirus Professional Search vendor "Avast" for product "Avast Antivirus Professional" | 4.8.1201 Search vendor "Avast" for product "Avast Antivirus Professional" and version "4.8.1201" | windows |
Affected
| ||||||
| Avast Search vendor "Avast" | Avast Antivirus Professional Search vendor "Avast" for product "Avast Antivirus Professional" | 4.8.1227 Search vendor "Avast" for product "Avast Antivirus Professional" and version "4.8.1227" | windows |
Affected
| ||||||
| Avast Search vendor "Avast" | Avast Antivirus Professional Search vendor "Avast" for product "Avast Antivirus Professional" | 4.8.1229 Search vendor "Avast" for product "Avast Antivirus Professional" and version "4.8.1229" | windows |
Affected
| ||||||
| Avast Search vendor "Avast" | Avast Antivirus Professional Search vendor "Avast" for product "Avast Antivirus Professional" | 4.8.1282 Search vendor "Avast" for product "Avast Antivirus Professional" and version "4.8.1282" | windows |
Affected
| ||||||
| Avast Search vendor "Avast" | Avast Antivirus Professional Search vendor "Avast" for product "Avast Antivirus Professional" | 4.8.1290 Search vendor "Avast" for product "Avast Antivirus Professional" and version "4.8.1290" | windows |
Affected
| ||||||
| Avast Search vendor "Avast" | Avast Antivirus Professional Search vendor "Avast" for product "Avast Antivirus Professional" | 4.8.1296 Search vendor "Avast" for product "Avast Antivirus Professional" and version "4.8.1296" | windows |
Affected
| ||||||
| Avast Search vendor "Avast" | Avast Antivirus Professional Search vendor "Avast" for product "Avast Antivirus Professional" | 4.8.1335 Search vendor "Avast" for product "Avast Antivirus Professional" and version "4.8.1335" | windows |
Affected
| ||||||