Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-3523

aavmKer4.sys in avast! Home and Professional for Windows before 4.8.1356 does not properly validate input to IOCTLs (1) 0xb2d6000c and (2) 0xb2d60034, which allows local users to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption, a different vulnerability than CVE-2008-1625.

Published

2009-10-01T17:00:00.267

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.9 (MEDIUM)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.4

Impact Score

10.0

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	avast	avast_antivirus_home	≤ 4.8.1351	Yes
Application	avast	avast_antivirus_home	4.7.827	Yes
Application	avast	avast_antivirus_home	4.7.844	Yes
Application	avast	avast_antivirus_home	4.7.869	Yes
Application	avast	avast_antivirus_home	4.7.1043	Yes
Application	avast	avast_antivirus_home	4.7.1098	Yes
Application	avast	avast_antivirus_home	4.8.1169	Yes
Application	avast	avast_antivirus_home	4.8.1195	Yes
Application	avast	avast_antivirus_home	4.8.1201	Yes
Application	avast	avast_antivirus_home	4.8.1227	Yes
Application	avast	avast_antivirus_home	4.8.1229	Yes
Application	avast	avast_antivirus_home	4.8.1282	Yes
Application	avast	avast_antivirus_home	4.8.1290	Yes
Application	avast	avast_antivirus_home	4.8.1296	Yes
Application	avast	avast_antivirus_home	4.8.1335	Yes
Application	avast	avast_antivirus_professional	≤ 4.8.1351	Yes
Application	avast	avast_antivirus_professional	4.7.827	Yes
Application	avast	avast_antivirus_professional	4.7.844	Yes
Application	avast	avast_antivirus_professional	4.7.1043	Yes
Application	avast	avast_antivirus_professional	4.7.1098	Yes
Application	avast	avast_antivirus_professional	4.8.1169	Yes
Application	avast	avast_antivirus_professional	4.8.1195	Yes
Application	avast	avast_antivirus_professional	4.8.1201	Yes
Application	avast	avast_antivirus_professional	4.8.1227	Yes
Application	avast	avast_antivirus_professional	4.8.1229	Yes
Application	avast	avast_antivirus_professional	4.8.1282	Yes
Application	avast	avast_antivirus_professional	4.8.1290	Yes
Application	avast	avast_antivirus_professional	4.8.1296	Yes
Application	avast	avast_antivirus_professional	4.8.1335	Yes

References

http://secunia.com/advisories/36858 Vendor Advisory ([email protected])
http://www.avast.com/eng/avast-4-home_pro-revision-history.html ([email protected])
http://www.ntinternals.org/ntiadv0904/ntiadv0904.html Exploit ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6024 ([email protected])
http://secunia.com/advisories/36858 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.avast.com/eng/avast-4-home_pro-revision-history.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.ntinternals.org/ntiadv0904/ntiadv0904.html Exploit (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6024 (af854a3a-2127-422b-91ae-364da2661108)