avast! 'aavmker4.sys' IOCTL Processing Bug Lets Local Users Deny Service
|
|
SecurityTracker Alert ID: 1023644 |
|
SecurityTracker URL: http://securitytracker.com/id/1023644
|
|
CVE Reference:
CVE-2010-0705
(Links to External Site)
|
Updated: Mar 2 2010
|
Original Entry Date: Feb 23 2010
|
Impact:
Denial of service via local system
|
Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes
|
Version(s): 4.8, 5.0 prior to 5.0.418
|
Description:
A vulnerability was reported in avast!. A local user can cause denial of service conditions.
A local user can send a specially crafted IOCTL request to trigger a memory corruption error in 'aavmker4.sys' and cause the target system to crash.
The vendor was notified on January 24, 2010.
The original advisory is available at:
http://trapkit.de/advisories/TKADV2010-003.txt
Tobias Klein reported this vulnerability.
|
Impact:
A local user can cause the target system to crash.
|
Solution:
The vendor has issued a fix (5.0.418).
The vendor's advisory is available at:
http://forum.avast.com/index.php?topic=55484.0
|
Vendor URL: www.avast.com/ (Links to External Site)
|
Cause:
Input validation error
|
Underlying OS:
Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 23 Feb 2010 19:07:30 +0000
Subject: Avast!
|
avast! 4.8 and 5.0 aavmker4.sys Kernel Memory Corruption
http://trapkit.de/advisories/TKADV2010-003.txt
|
|
