CVE-2009-3523

Name of the Vulnerable Software and Affected Versions avast! Home and Professional for Windows versions prior to 4.8.1356

Description The issue is related to the improper validation of input to IOCTLs, specifically (1) 0xb2d6000c and (2) 0xb2d60034, in the aavmKer4.sys driver. This allows local users to gain privileges via crafted kernel addresses that trigger memory corruption.

Recommendations For versions prior to 4.8.1356, update to version 4.8.1356 or later to resolve the issue. As a temporary workaround, consider restricting access to the aavmKer4.sys driver to minimize the risk of exploitation.