AVG Internet Security 2013.x < 2013.3495 / 2015.x < 2015.5557 Local Privilege Escalation

high Nessus Plugin ID 84431

Synopsis

The remote host contains an antivirus application that is affected by a local privilege escalation vulnerability.

Description

The remote Windows host has a version of AVG Internet Security installed that is 2013.x prior to 2013.3495 or 2015.x prior to 2015.5557. It is, therefore, affected by a local privilege escalation vulnerability due to a flaw in the TDI driver (avgtdix.sys) that occurs when handling 0x830020f8 IOCTL calls. A local attacker can exploit this, via a crafted 0x830020f8 IOCTL call, to write controlled data to an arbitrary memory location, resulting in arbitrary code execution with kernel-level privileges.

Solution

Upgrade to AVG Internet Security version 2013.3495 / 2015.5557 or later.

See Also

http://www.nessus.org/u?cbcb1b10

http://www.greyhathacker.net/?p=818

Plugin Details

Severity: High

ID: 84431

File Name: avg_internet_security_2015_5557.nasl

Version: 1.8

Type: local

Family: CGI abuses

Published: 6/26/2015

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:avg:internet_security, cpe:/a:avg:protection

Required KB Items: installed_sw/AVG Internet Security

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/6/2015

Vulnerability Publication Date: 10/21/2014

Reference Information

CVE: CVE-2014-9632

BID: 72500