Avast! Home And Professional Aavmker4.sys Privilege Escalation

March 31st, 2008

avast! Home And Professional aavmker4.sys Privilege Escalation

Tobias Klein has reported a vulnerability in avast! Home/Professional, which can be exploited by malicious, local users to gain escalated privileges.

An input validation error within the 0xb2d60030 IOCTL handler of the aavmker4.sys driver can be exploited to overwrite arbitrary kernel memory via a specially crafted IOCTL request or cause local denial of service attacks (system crash due to a kernel panic).
No special user rights are necessary to exploit the vulnerability.

The vulnerability is reported in version 4.7. Other versions may also be affected.

Technical description: http://www.trapkit.de/advisories/TKADV2008-002.txt

Solution: Update to version 4.8.1169 at http://www.avast.com/eng/download.html

Share this item with others:

More on CyberInsecure:

Fraudulent avast! Anti-Virus Products Advertised Via Google AdWords

MS Windows DNS Client Service Vulnerability

Intel Update For BIOS Protects From Privilege Escalation Vulnerability Discovered By Rutkowska

Potential Vulnerability In Adobe Flash

Six Security Vulnerabilities Updated By Adobe In Flash Player 9

Posted in Software, Vulnerabilities |

Print This Post

This entry was posted on Monday, March 31st, 2008 at 7:24 am and is filed under Software, Vulnerabilities. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.