AVG Internet Security 2015 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors.
References
Configurations
History
21 Nov 2024, 02:38
Type | Values Removed | Values Added |
---|---|---|
References | () http://blog.ensilo.com/the-av-vulnerability-that-bypasses-mitigations - | |
References | () http://breakingmalware.com/vulnerabilities/sedating-watchdog-abusing-security-products-bypass-mitigations/ - | |
References | () http://breakingmalware.com/vulnerabilities/vulnerability-patching-learning-from-avg-on-doing-it-right/ - Exploit | |
References | () http://www.securityfocus.com/bid/78813 - |
Information
Published : 2015-12-16 18:59
Updated : 2024-11-21 02:38
NVD link : CVE-2015-8578
Mitre link : CVE-2015-8578
CVE.ORG link : CVE-2015-8578
JSON object : View
Products Affected
avg
- internet_security
CWE
CWE-264
Permissions, Privileges, and Access Controls