CVE-2010-0705

Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 running on Windows 2000 and XP does not properly validate input to IOCTL 0xb2d60030, which allows local users to cause a denial of service (system crash) or execute arbitrary code to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://forum.avast.com/index.php?topic=55484.0	Vendor Advisory
http://osvdb.org/62510
http://secunia.com/advisories/38677	Vendor Advisory
http://secunia.com/advisories/38689	Vendor Advisory
http://www.securityfocus.com/archive/1/509710/100/0/threaded
http://www.securityfocus.com/bid/38363
http://www.securitytracker.com/id?1023644
http://www.trapkit.de/advisories/TKADV2010-003.txt
http://www.vupen.com/english/advisories/2010/0449	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:avast:avast_antivirus_home:::windows:::::*
	cpe:2.3:a:avast:avast_antivirus_home:4.8.1169::windows:::::
	cpe:2.3:a:avast:avast_antivirus_home:4.8.1195::windows:::::
	cpe:2.3:a:avast:avast_antivirus_home:4.8.1201::windows:::::
	cpe:2.3:a:avast:avast_antivirus_home:4.8.1227::windows:::::
	cpe:2.3:a:avast:avast_antivirus_home:4.8.1229::windows:::::
	cpe:2.3:a:avast:avast_antivirus_home:4.8.1282::windows:::::
	cpe:2.3:a:avast:avast_antivirus_home:4.8.1290::windows:::::
	cpe:2.3:a:avast:avast_antivirus_home:4.8.1296::windows:::::
	cpe:2.3:a:avast:avast_antivirus_home:4.8.1335::windows:::::
	cpe:2.3:a:avast:avast_antivirus_home:4.8.1351::windows:::::
	cpe:2.3:a:avast:avast_antivirus_home:4.8.1368.0::windows:::::
	cpe:2.3:a:avast:avast_antivirus_professional:::windows:::::*
	cpe:2.3:a:avast:avast_antivirus_professional:4.8.1169::windows:::::
	cpe:2.3:a:avast:avast_antivirus_professional:4.8.1195::windows:::::
	cpe:2.3:a:avast:avast_antivirus_professional:4.8.1201::windows:::::
	cpe:2.3:a:avast:avast_antivirus_professional:4.8.1227::windows:::::
	cpe:2.3:a:avast:avast_antivirus_professional:4.8.1229::windows:::::
	cpe:2.3:a:avast:avast_antivirus_professional:4.8.1282::windows:::::
	cpe:2.3:a:avast:avast_antivirus_professional:4.8.1290::windows:::::
	cpe:2.3:a:avast:avast_antivirus_professional:4.8.1296::windows:::::
	cpe:2.3:a:avast:avast_antivirus_professional:4.8.1335::windows:::::
	cpe:2.3:a:avast:avast_antivirus_professional:4.8.1351::windows:::::
	cpe:2.3:a:avast:avast_antivirus_professional:4.8.1356.0:::::::*
	cpe:2.3:a:avast:avast_antivirus_professional:4.8.1368.0::windows:::::

OR	cpe:2.3:o:microsoft:windows_2000::::::::
	cpe:2.3:o:microsoft:windows_xp::::::::

History

No history.

Information

Published : 2010-02-25 18:30

Updated : 2018-10-10 19:53

NVD link : CVE-2010-0705

Mitre link : CVE-2010-0705

CVE.ORG link : CVE-2010-0705

JSON object : View

Products Affected

microsoft

windows_2000
windows_xp

avast

avast_antivirus_home
avast_antivirus_professional

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2010-0705", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-02-25T18:30:00.377", "references": [{"url": "http://forum.avast.com/index.php?topic=55484.0", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/62510", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/38677", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/38689", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/509710/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/38363", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1023644", "source": "cve@mitre.org"}, {"url": "http://www.trapkit.de/advisories/TKADV2010-003.txt", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2010/0449", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 running on Windows 2000 and XP does not properly validate input to IOCTL 0xb2d60030, which allows local users to cause a denial of service (system crash) or execute arbitrary code to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption."}, {"lang": "es", "value": "Aavmker4.sys en avast! desde v4.8 hasta v4.8.1368.0 y v5.0 anteriores a v5.0.418.0 corriendo sobre Windows 2000 o XP, no valida adecuadamente una entrada a IOCTL 0xb2d60030, lo que permite a usuarios locales producir una denegaci\u00f3n de servicio (ca\u00edda del sistema) o ejecutar c\u00f3digo arbitrario para ganar privilegios a trav\u00e9s de peticiones IOCTL utilizando direcciones de kernel manipuladas que inician una corrupci\u00f3n de memoria."}], "lastModified": "2018-10-10T19:53:24.980", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:avast:avast_antivirus_home:*:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CEB7AA8-9B1C-497F-89E7-B5E9AC2A71D6", "versionEndIncluding": "5.0.396.0"}, {"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1169:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8C4E148-EAD0-433C-B0C3-3124B0288CC6"}, {"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1195:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1867FC4C-01BC-4FA1-B33F-66CE7D4AD9B6"}, {"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1201:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79057030-D57C-4DAC-B9F9-FE2CED222481"}, {"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1227:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CE03B00-0277-4738-8DA6-AFD09830B0DD"}, {"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1229:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "921BC39F-E4EC-4B4C-BC7D-8002B7C3A85A"}, {"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1282:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B03B958E-8FAA-48E4-BD0D-3577B7150284"}, {"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1290:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36902F71-4215-40B5-93B5-75A5634D4501"}, {"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1296:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F087F04-EF9C-43F0-95F0-36AD5182F02B"}, {"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1335:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1757311C-A432-4056-A480-12713E4E0024"}, {"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1351:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC6D7AC9-3351-4AE7-B2E3-00AD7C7B2E2C"}, {"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.8.1368.0:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B660EA03-1E06-4C97-A695-B2BD668BC7E5"}, {"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:*:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D175167F-E8B0-4682-81AB-2D6B94FABC58", "versionEndIncluding": "5.0.396.0"}, {"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1169:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC35E740-8BE7-4479-B684-6E304204B358"}, {"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1195:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "083372F2-D738-4698-97CF-F71748BE4877"}, {"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1201:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38BAD92D-F9D8-4295-B9BD-FFB354937ED4"}, {"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1227:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0348CFA9-6DC0-4FCE-B6B8-3D0D9086471F"}, {"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1229:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03B69989-B458-4624-B40F-37A7FCD11BA9"}, {"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1282:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA7CEE2D-C92B-45A9-89F0-42A7DFAA7DD9"}, {"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1290:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDCB885F-8175-41B3-A6A6-1A9A3A239548"}, {"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1296:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82039FC7-19D9-471C-A781-87D4CCE807CE"}, {"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1335:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6D8AF4B-27E2-4A7B-A474-AF453F6A22F3"}, {"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1351:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F398BFA7-75F1-49C5-A306-820C77EEBAE2"}, {"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1356.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A119A362-47B2-4798-9BDF-75AB46242877"}, {"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.8.1368.0:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8EE159F-580F-4C8E-B2EC-C01E8930B41A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}

7.2 /10