CVE-2009-4049

Heap-based buffer overflow in aswRdr.sys (aka the TDI RDR driver) in avast! Home and Professional 4.8.1356.0 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted arguments to IOCTL 0x80002024.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:avast:avast_antivirus_home:4.8.1356.0:*:*:*:*:*:*:*
cpe:2.3:a:avast:avast_antivirus_professional:4.8.1356.0:*:*:*:*:*:*:*

History

21 Nov 2024, 01:08

Type Values Removed Values Added
References () http://secunia.com/advisories/37368 - Vendor Advisory () http://secunia.com/advisories/37368 - Vendor Advisory
References () http://www.efblog.net/2009/11/avast-aswrdrsys-kernel-pool-corruption.html - () http://www.efblog.net/2009/11/avast-aswrdrsys-kernel-pool-corruption.html -
References () http://www.securityfocus.com/archive/1/507891/100/0/threaded - () http://www.securityfocus.com/archive/1/507891/100/0/threaded -
References () http://www.securityfocus.com/bid/37031 - Exploit () http://www.securityfocus.com/bid/37031 - Exploit
References () http://www.vupen.com/english/advisories/2009/3266 - Vendor Advisory () http://www.vupen.com/english/advisories/2009/3266 - Vendor Advisory
References () https://www.evilfingers.com/advisory/Advisory/Avast_aswRdr_sys_Kernel_Pool_Corruption_and_Local_Privilege_Escalation.php - () https://www.evilfingers.com/advisory/Advisory/Avast_aswRdr_sys_Kernel_Pool_Corruption_and_Local_Privilege_Escalation.php -

Information

Published : 2009-11-23 17:30

Updated : 2024-11-21 01:08


NVD link : CVE-2009-4049

Mitre link : CVE-2009-4049

CVE.ORG link : CVE-2009-4049


JSON object : View

Products Affected

avast

  • avast_antivirus_professional
  • avast_antivirus_home
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer