Aast! Antivirus 'aavmker4.sys' Denial Of Service Vulnerability (Win) Network Vulnerability

Summary

This host is installed with avast! AntiVirus and is prone to Denial Of Service vulnerability.

Impact

Successful exploitation will let the local attackers to cause a Denial of Service or gain escalated privileges on the victim's system. Impact Level: System/Application

Solution

Upgrade to avast! version 5.0.418 or later For updates refer to http://www.avast.com/eng/download.html

Insight

The flaw is due to an error in the 'aavmker4.sys' kernel driver when processing certain IOCTLs. This can be exploited to corrupt kernel memory via a specially crafted 0xb2d60030 IOCTL.

Affected

avast! Home and Professional version 4.8 to 4.8.1368.0 and avast! Home and Professional version 5.0 before 5.0.418.0 on Windows

References

http://secunia.com/advisories/38677
http://secunia.com/advisories/38689
http://securitytracker.com/alerts/2010/Feb/1023644.html
http://www.securityfocus.com/archive/1/archive/1/509710/100/0/threaded
http://www.trapkit.de/advisories/TKADV2010-003.txt
http://www.vupen.com/english/advisories/2010/0449

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0705

CVSS	Base Score: 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adersoft VbsEdit '.vbs' File Denial Of Service Vulnerability
CA kmxfw.sys Code Execution and DoS Vulnerabilities
Active Perl Modules Multiple Vulnerabilities (Windows)
FlashGet FTP PWD Response Remote Buffer Overflow Vulnerability
Adobe Flash Player/Air Multiple Vulnerabilities - August10 (Linux)

Take action and discover your vulnerabilities