Avast Antivirus Path Traversal Vulnerability

medium Nessus Plugin ID 87776

Synopsis

The remote Windows host has an antivirus application that is affected by a path traversal vulnerability.

Description

The remote Windows host is running Avast Antivirus with a virus definition prior to version 150918-0. It is, therefore, affected by a path traversal vulnerability that occurs when processing ZIP archives.
An unauthenticated, remote attacker can exploit this, via a crafted ZIP archive, to delete or write arbitrary files to the system.

Solution

Upgrade the Avast Antivirus virus definition to version 150918-0 or later.

See Also

http://jvn.jp/en/jp/JVN25576608/index.html

https://www.avast.com/virus-update-history

https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000160.html

Plugin Details

Severity: Medium

ID: 87776

File Name: avast_CVE-2015-5662.nasl

Version: 1.4

Type: local

Agent: windows

Family: Windows

Published: 1/7/2016

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.7

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Information

CPE: cpe:/a:avast:avast_antivirus

Required KB Items: installed_sw/Avast Antivirus

Exploit Ease: No known exploits are available

Patch Publication Date: 10/16/2015

Vulnerability Publication Date: 10/16/2015

Reference Information

CVE: CVE-2015-5662

BID: 77102