PT-2009-5814 · Avast · Avast!
Published
2009-10-01
·
Updated
2018-10-10
·
CVE-2009-3522
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
avast! Home and Professional versions 4.8.1351 through 4.8.1355
Description
A stack-based buffer overflow issue exists, allowing local users to cause a system crash and possibly gain privileges. This is achieved by sending a crafted IOCTL request to the IOCTL 0xb2c80018 endpoint.
Recommendations
For versions 4.8.1351 through 4.8.1355, update to version 4.8.1356 or later to resolve the issue. As a temporary workaround, consider restricting access to the aswMon2.sys driver to minimize the risk of exploitation.
Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Avast!