[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-0705Date: (C)2010-02-25   (M)2023-12-22


Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 running on Windows 2000 and XP does not properly validate input to IOCTL 0xb2d60030, which allows local users to cause a denial of service (system crash) or execute arbitrary code to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.2
Exploit Score: 3.9
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1023644
http://www.securityfocus.com/archive/1/509710/100/0/threaded
BID-38363
SECUNIA-38677
SECUNIA-38689
OSVDB-62510
ADV-2010-0449
http://forum.avast.com/index.php?topic=55484.0
http://www.trapkit.de/advisories/TKADV2010-003.txt

CPE    2
cpe:/o:microsoft:windows_xp
cpe:/o:microsoft:windows_2000
CWE    1
CWE-20

© SecPod Technologies