Daily cyber threats and internet security news: network security, online safety and latest security alerts
March 31st, 2008

avast! Home And Professional aavmker4.sys Privilege Escalation

Tobias Klein has reported a vulnerability in avast! Home/Professional, which can be exploited by malicious, local users to gain escalated privileges.

An input validation error within the 0xb2d60030 IOCTL handler of the aavmker4.sys driver can be exploited to overwrite arbitrary kernel memory via a specially crafted IOCTL request or cause local denial of service attacks (system crash due to a kernel panic).
No special user rights are necessary to exploit the vulnerability.

The vulnerability is reported in version 4.7. Other versions may also be affected.

Technical description:

Solution: Update to version 4.8.1169 at

Share this item with others:

More on CyberInsecure:
  • Fraudulent avast! Anti-Virus Products Advertised Via Google AdWords
  • MS Windows DNS Client Service Vulnerability
  • Intel Update For BIOS Protects From Privilege Escalation Vulnerability Discovered By Rutkowska
  • Potential Vulnerability In Adobe Flash
  • Six Security Vulnerabilities Updated By Adobe In Flash Player 9

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: avast! Home And Professional aavmker4.sys Privilege Escalation

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.