PT-2007-5015 · Grisoft · Avg Anti-Virus

Published: 2007-07-15 · Updated: 2018-10-15 · CVE-2007-3777

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Grisoft AVG Anti-Virus versions 7.5.0.444 through 7.5.448
Grisoft AVG Anti-Virus Free Edition version 7.5.446

Description

The issue allows local users to gain privileges by passing arbitrary address arguments to a function reachable through the 0x5348E004 IOCTL of the generic DeviceIoControl handler. The cause is an internal function in the avg7core.sys driver that copies data to an arbitrary address.

Recommendations

For Grisoft AVG Anti-Virus versions 7.5.0.444 through 7.5.448, consider restricting access to the DeviceIoControl handler until a patch is available. For Grisoft AVG Anti-Virus Free Edition version 7.5.446, avoid using the 0x5348E004 IOCTL until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2007-3777

Affected Products

Avg Anti-Virus
Avg Anti-Virus Free Edition