Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-0705

Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 running on Windows 2000 and XP does not properly validate input to IOCTL 0xb2d60030, which allows local users to cause a denial of service (system crash) or execute arbitrary code to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption.

Published

2010-02-25T18:30:00.377

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.2 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	avast	avast_antivirus_home	≤ 5.0.396.0	Yes
Application	avast	avast_antivirus_home	4.8.1169	Yes
Application	avast	avast_antivirus_home	4.8.1195	Yes
Application	avast	avast_antivirus_home	4.8.1201	Yes
Application	avast	avast_antivirus_home	4.8.1227	Yes
Application	avast	avast_antivirus_home	4.8.1229	Yes
Application	avast	avast_antivirus_home	4.8.1282	Yes
Application	avast	avast_antivirus_home	4.8.1290	Yes
Application	avast	avast_antivirus_home	4.8.1296	Yes
Application	avast	avast_antivirus_home	4.8.1335	Yes
Application	avast	avast_antivirus_home	4.8.1351	Yes
Application	avast	avast_antivirus_home	4.8.1368.0	Yes
Application	avast	avast_antivirus_professional	≤ 5.0.396.0	Yes
Application	avast	avast_antivirus_professional	4.8.1169	Yes
Application	avast	avast_antivirus_professional	4.8.1195	Yes
Application	avast	avast_antivirus_professional	4.8.1201	Yes
Application	avast	avast_antivirus_professional	4.8.1227	Yes
Application	avast	avast_antivirus_professional	4.8.1229	Yes
Application	avast	avast_antivirus_professional	4.8.1282	Yes
Application	avast	avast_antivirus_professional	4.8.1290	Yes
Application	avast	avast_antivirus_professional	4.8.1296	Yes
Application	avast	avast_antivirus_professional	4.8.1335	Yes
Application	avast	avast_antivirus_professional	4.8.1351	Yes
Application	avast	avast_antivirus_professional	4.8.1356.0	Yes
Application	avast	avast_antivirus_professional	4.8.1368.0	Yes
Operating System	microsoft	windows_2000	*	No
Operating System	microsoft	windows_xp	*	No

References

http://forum.avast.com/index.php?topic=55484.0 Vendor Advisory ([email protected])
http://osvdb.org/62510 ([email protected])
http://secunia.com/advisories/38677 Vendor Advisory ([email protected])
http://secunia.com/advisories/38689 Vendor Advisory ([email protected])
http://www.securityfocus.com/archive/1/509710/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/38363 ([email protected])
http://www.securitytracker.com/id?1023644 ([email protected])
http://www.trapkit.de/advisories/TKADV2010-003.txt ([email protected])
http://www.vupen.com/english/advisories/2010/0449 Vendor Advisory ([email protected])
http://forum.avast.com/index.php?topic=55484.0 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/62510 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/38677 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/38689 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/509710/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/38363 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1023644 (af854a3a-2127-422b-91ae-364da2661108)
http://www.trapkit.de/advisories/TKADV2010-003.txt (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/0449 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)