Privilege Escalation Vulnerability in Avast! Home and Professional for Windows
CVE-2009-3523

Currently unrated

Key Information:

Vendor: Avast

CVE Published: 1 October 2009

What is CVE-2009-3523?

The vulnerability in avast! Home and Professional for Windows before version 4.8.1356 stems from improper input validation in the aavmKer4.sys driver. A local user can send crafted IOCTL requests to the driver and potentially gain elevated privileges. Specifically, the affected IOCTLs do not properly handle crafted kernel addresses, which leads to memory corruption. The flaw presents a significant risk to system integrity and security, because it gives local attackers unauthorized access.

Timeline

  • Vulnerability published

  • Vulnerability Reserved