CVE-2010-0705: Input Validation
First published: Thu Feb 25 2010(Updated: )
Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 running on Windows 2000 and XP does not properly validate input to IOCTL 0xb2d60030, which allows local users to cause a denial of service (system crash) or execute arbitrary code to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Avast Avast Antivirus Home | <=5.0.396.0 | |
| Avast Avast Antivirus Home | =4.8.1169 | |
| Avast Avast Antivirus Home | =4.8.1195 | |
| Avast Avast Antivirus Home | =4.8.1201 | |
| Avast Avast Antivirus Home | =4.8.1227 | |
| Avast Avast Antivirus Home | =4.8.1229 | |
| Avast Avast Antivirus Home | =4.8.1282 | |
| Avast Avast Antivirus Home | =4.8.1290 | |
| Avast Avast Antivirus Home | =4.8.1296 | |
| Avast Avast Antivirus Home | =4.8.1335 | |
| Avast Avast Antivirus Home | =4.8.1351 | |
| Avast Avast Antivirus Home | =4.8.1368.0 | |
| Avast Avast Antivirus Professional | <=5.0.396.0 | |
| Avast Avast Antivirus Professional | =4.8.1169 | |
| Avast Avast Antivirus Professional | =4.8.1195 | |
| Avast Avast Antivirus Professional | =4.8.1201 | |
| Avast Avast Antivirus Professional | =4.8.1227 | |
| Avast Avast Antivirus Professional | =4.8.1229 | |
| Avast Avast Antivirus Professional | =4.8.1282 | |
| Avast Avast Antivirus Professional | =4.8.1290 | |
| Avast Avast Antivirus Professional | =4.8.1296 | |
| Avast Avast Antivirus Professional | =4.8.1335 | |
| Avast Avast Antivirus Professional | =4.8.1351 | |
| Avast Avast Antivirus Professional | =4.8.1356.0 | |
| Avast Avast Antivirus Professional | =4.8.1368.0 | |
| Microsoft Windows 2000 | ||
| Microsoft Windows XP |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.vupen.com/english/advisories/2010/0449
- http://forum.avast.com/index.php?topic=55484.0
- http://secunia.com/advisories/38677
- http://www.trapkit.de/advisories/TKADV2010-003.txt
- http://www.securitytracker.com/id?1023644
- http://secunia.com/advisories/38689
- http://www.securityfocus.com/bid/38363
- http://osvdb.org/62510
- http://www.securityfocus.com/archive/1/509710/100/0/threaded
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/avast
- canonical/avast avast antivirus home
- version/avast avast antivirus home/5.0.396.0
- version/avast avast antivirus home/4.8.1169
- version/avast avast antivirus home/4.8.1195
- version/avast avast antivirus home/4.8.1201
- version/avast avast antivirus home/4.8.1227
- version/avast avast antivirus home/4.8.1229
- version/avast avast antivirus home/4.8.1282
- version/avast avast antivirus home/4.8.1290
- version/avast avast antivirus home/4.8.1296
- version/avast avast antivirus home/4.8.1335
- version/avast avast antivirus home/4.8.1351
- version/avast avast antivirus home/4.8.1368.0
- canonical/avast avast antivirus professional
- version/avast avast antivirus professional/5.0.396.0
- version/avast avast antivirus professional/4.8.1169
- version/avast avast antivirus professional/4.8.1195
- version/avast avast antivirus professional/4.8.1201
- version/avast avast antivirus professional/4.8.1227
- version/avast avast antivirus professional/4.8.1229
- version/avast avast antivirus professional/4.8.1282
- version/avast avast antivirus professional/4.8.1290
- version/avast avast antivirus professional/4.8.1296
- version/avast avast antivirus professional/4.8.1335
- version/avast avast antivirus professional/4.8.1351
- version/avast avast antivirus professional/4.8.1356.0
- version/avast avast antivirus professional/4.8.1368.0
- vendor/microsoft
- canonical/microsoft windows 2000
- canonical/microsoft windows xp