Local Privilege Escalation in Avira AntiVir PersonalEdition Classic 7.0
CVE-2006-4619

Currently unrated

Key Information:

Vendor: Avira
Status: Antivir Personal
Vendor: CVE Published:; 7 September 2006

What is CVE-2006-4619?

The update mechanism in Avira AntiVir PersonalEdition Classic version 7.0 build 151 is susceptible to a local privilege escalation vulnerability. Attackers can exploit this weakness through a 'Shatter' style attack targeting the IParam parameter of the update.exe process. Specifically, the vulnerability arises when mishandling messages such as PBM_GETRANGE and PBM_SETRANGE within an unspecified progress bar. Exploiting this vulnerability allows local users to gain elevated privileges, potentially compromising system integrity.

References

http://www.securityfocus.com/archive/1/445205/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/19889

vdb-entryx_refsource_BID

http://secunia.com/advisories/21764

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Sep 7, 2006
Vulnerability Reserved
Sep 6, 2006