PT-2010-2456 · Avast · Avast!

Tobias Klein · Published 2010-02-25 · Updated 2018-10-10 · CVE-2010-0705

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

avast! versions 4.8 through 4.8.1368.0

avast! version 5.0 before 5.0.418.0

Description

The issue is in the Aavmker4.sys driver in avast!, which does not properly validate input to IOCTL 0xb2d60030. This allows local users to cause a denial of service (system crash) or to execute arbitrary code and gain privileges. Exploitation uses IOCTL requests containing crafted kernel addresses that trigger memory corruption.

Recommendations

For avast! versions 4.8 through 4.8.1368.0, update to version 4.8.1368.1 or later.

For avast! version 5.0 before 5.0.418.0, update to version 5.0.418.0 or later.

Exploit

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2010-0705

Affected Products

Avast!