avast! Home And Professional aavmker4.sys Privilege Escalation
Tobias Klein has reported a vulnerability in avast! Home/Professional, which can be exploited by malicious, local users to gain escalated privileges.
An input validation error within the 0xb2d60030 IOCTL handler of the aavmker4.sys driver can be exploited to overwrite arbitrary kernel memory via a specially crafted IOCTL request, or to cause a local denial of service (system crash due to a kernel panic).
No special user rights are necessary to exploit the vulnerability.
The vulnerability is reported in version 4.7. Other versions may also be affected.
Technical description: http://www.trapkit.de/advisories/TKADV2008-002.txt
Solution: Update to version 4.8.1169 at http://www.avast.com/eng/download.html