Heap-based Buffer Overflow in Avast Virtualization Driver Affects Multiple Avast Products
CVE-2015-8620

7.8HIGH

Key Information:

Vendor

Avast

Status
Avast Free Antivirus
Avast Internet Security
Avast Premier
Avast Pro Antivirus
Vendor
CVE Published:
13 April 2016

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2015-8620?

A heap-based buffer overflow vulnerability exists in the Avast virtualization driver (aswSnx.sys) prior to version 11.1.2253. Local users can exploit this flaw through specially crafted Unicode file paths in IOCTL requests, potentially allowing them to elevate privileges on the affected systems. This issue highlights the importance of keeping security products updated to mitigate the risk of exploitation.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2015-8620 - Proof of Concept

References

http://packetstormsecurity.com/files/135859/Avast-11.1.22...
x_refsource_MISC
http://seclists.org/fulldisclosure/2016/Feb/94
mailing-listx_refsource_FULLDISC
https://www.nettitude.co.uk/exploiting-a-kernel-paged-poo...
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.