Kernel Memory Corruption Vulnerability in Avast Security Software
CVE-2010-0705

Currently unrated

Key Information:

Vendor: Avast
Status: Avast Antivirus Home; Avast Antivirus Professional
Vendor: CVE Published:; 25 February 2010

What is CVE-2010-0705?

The vulnerability in the aavmker4.sys component of Avast Security Software allows local users to exploit improper input validation within IOCTL 0xb2d60030. This exploitation can lead to a denial of service, potentially causing the system to crash. Furthermore, malicious users could execute arbitrary code with elevated privileges by leveraging crafted kernel addresses that result in memory corruption. This issue affects versions of Avast up to 4.8.1368.0 and the 5.0 releases before 5.0.418.0 on Windows 2000 and XP.

References

http://www.securityfocus.com/bid/38363

vdb-entryx_refsource_BID

http://osvdb.org/62510

vdb-entryx_refsource_OSVDB

http://secunia.com/advisories/38689

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Feb 25, 2010
Vulnerability Reserved
Feb 25, 2010