Buffer Overflow in avast! Home and Professional for Windows
CVE-2009-3522

Currently unrated

Key Information:

Vendor: Avast
Status: Avast Antivirus Professional; Avast Antivirus Home
Vendor: CVE Published:; 1 October 2009

What is CVE-2009-3522?

A stack-based buffer overflow vulnerability exists in aswMon2.sys of avast! Home and Professional for Windows, specifically in versions 4.8.1351 and earlier than 4.8.1356. This flaw allows local users to exploit a crafted IOCTL request to IOCTL 0xb2c80018, potentially leading to a denial of service through system crashes and creating avenues for local privilege escalation.

References

http://www.securityfocus.com/bid/36507

vdb-entryx_refsource_BID

http://www.securitytracker.com/id?1022940

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/archive/1/506681/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Oct 1, 2009
Vulnerability Reserved
Oct 1, 2009

Avast

What is CVE-2009-3522?

References

Timeline