Local Privilege Escalation in Avast! Home and Professional 4.7
CVE-2008-1625

Currently unrated

Key Information:

Vendor: Avast
Status: Avast Antivirus Home
Vendor: CVE Published:; 2 April 2008

What is CVE-2008-1625?

A vulnerability within the aavmker4.sys file of Avast! Home and Professional 4.7 for Windows has been identified that improperly validates input to IOCTL 0xb2d60030. This flaw allows local users to execute certain IOCTL requests, potentially leading to unauthorized privilege escalation. Users could exploit this vulnerability to gain elevated privileges and access sensitive system functions that are otherwise restricted.

References

http://www.vupen.com/english/advisories/2008/1034/references

vdb-entryx_refsource_VUPEN

http://www.trapkit.de/advisories/TKADV2008-002.txt

x_refsource_MISC

http://www.securityfocus.com/bid/28502

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Apr 2, 2008
Vulnerability Reserved
Apr 2, 2008