avast! Professional Edition < 5.0.418 Local Privilege Escalation

high Nessus Plugin ID 44876

Synopsis

The remote Windows host contains an application that is affected by a local privilege escalation vulnerability.

Description

The remote Windows host is running avast! Professional Edition. The installed version of this software is potentially affected by a local privilege escalation vulnerability because the 'aavmker4.sys' driver fails to sufficiently sanitize user-supplied input passed via a specially crafted IOCTL request.

Solution

Upgrade to Avast! Professional Edition 5.0.418 or later.

See Also

http://trapkit.de/advisories/TKADV2010-003.txt

https://forum.avast.com/index.php?topic=55484.0

Plugin Details

Severity: High

ID: 44876

File Name: avast_5_0_418_local_priv_escalation.nasl

Version: 1.12

Type: local

Agent: windows

Family: Windows

Published: 2/23/2010

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:avast:avast_antivirus_professional

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/11/2010

Vulnerability Publication Date: 2/23/2010

Reference Information

CVE: CVE-2010-0705

BID: 38363

CWE: 20