CVE-2016-4025

Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security v11.x.x, Endpoint Protection v8.x.x, Endpoint Protection Plus v8.x.x, Endpoint Protection Suite v8.x.x, Endpoint Protection Suite Plus v8.x.x, File Server Security v8.x.x, and Email Server Security v8.x.x allow attackers to bypass the DeepScreen feature via a DeviceIoControl call.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:avast:business_security:11.1.2241:*:*:*:*:*:*:*
cpe:2.3:a:avast:business_security:11.1.2245:*:*:*:*:*:*:*
cpe:2.3:a:avast:business_security:11.1.2253:*:*:*:*:*:*:*
cpe:2.3:a:avast:business_security:11.1.2260:*:*:*:*:*:*:*
cpe:2.3:a:avast:business_security:11.1.2261:*:*:*:*:*:*:*
cpe:2.3:a:avast:business_security:11.1.2262:*:*:*:*:*:*:*
cpe:2.3:a:avast:free_antivirus:11.1.2241:*:*:*:*:*:*:*
cpe:2.3:a:avast:free_antivirus:11.1.2245:*:*:*:*:*:*:*
cpe:2.3:a:avast:free_antivirus:11.1.2253:*:*:*:*:*:*:*
cpe:2.3:a:avast:free_antivirus:11.1.2260:*:*:*:*:*:*:*
cpe:2.3:a:avast:free_antivirus:11.1.2261:*:*:*:*:*:*:*
cpe:2.3:a:avast:free_antivirus:11.1.2262:*:*:*:*:*:*:*
cpe:2.3:a:avast:internet_security:11.1.2241:*:*:*:*:*:*:*
cpe:2.3:a:avast:internet_security:11.1.2245:*:*:*:*:*:*:*
cpe:2.3:a:avast:internet_security:11.1.2253:*:*:*:*:*:*:*
cpe:2.3:a:avast:internet_security:11.1.2260:*:*:*:*:*:*:*
cpe:2.3:a:avast:internet_security:11.1.2261:*:*:*:*:*:*:*
cpe:2.3:a:avast:internet_security:11.1.2262:*:*:*:*:*:*:*
cpe:2.3:a:avast:premier:11.1.2241:*:*:*:*:*:*:*
cpe:2.3:a:avast:premier:11.1.2245:*:*:*:*:*:*:*
cpe:2.3:a:avast:premier:11.1.2253:*:*:*:*:*:*:*
cpe:2.3:a:avast:premier:11.1.2260:*:*:*:*:*:*:*
cpe:2.3:a:avast:premier:11.1.2261:*:*:*:*:*:*:*
cpe:2.3:a:avast:premier:11.1.2262:*:*:*:*:*:*:*
cpe:2.3:a:avast:pro_antivirus:11.1.2241:*:*:*:*:*:*:*
cpe:2.3:a:avast:pro_antivirus:11.1.2245:*:*:*:*:*:*:*
cpe:2.3:a:avast:pro_antivirus:11.1.2253:*:*:*:*:*:*:*
cpe:2.3:a:avast:pro_antivirus:11.1.2260:*:*:*:*:*:*:*
cpe:2.3:a:avast:pro_antivirus:11.1.2261:*:*:*:*:*:*:*
cpe:2.3:a:avast:pro_antivirus:11.1.2262:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:avast:email_server_security:*:*:*:*:*:*:*:*
cpe:2.3:a:avast:email_server_security:8.0.1606:*:*:*:*:*:*:*
cpe:2.3:a:avast:endpoint_protection:*:*:*:*:*:*:*:*
cpe:2.3:a:avast:endpoint_protection:8.0.1606:*:*:*:*:*:*:*
cpe:2.3:a:avast:endpoint_protection_plus:8.0.1606:*:*:*:*:*:*:*
cpe:2.3:a:avast:endpoint_protection_plus:8.0.1609:*:*:*:*:*:*:*
cpe:2.3:a:avast:endpoint_protection_suite:*:*:*:*:*:*:*:*
cpe:2.3:a:avast:endpoint_protection_suite:8.0.1606:*:*:*:*:*:*:*
cpe:2.3:a:avast:endpoint_protection_suite_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:avast:endpoint_protection_suite_plus:8.0.1606:*:*:*:*:*:*:*
cpe:2.3:a:avast:file_server_security:*:*:*:*:*:*:*:*
cpe:2.3:a:avast:file_server_security:8.0.1606:*:*:*:*:*:*:*

History

21 Nov 2024, 02:51

Type Values Removed Values Added
References () https://labs.nettitude.com/blog/escaping-avast-sandbox-using-single-ioctl-cve-2016-4025/ - Technical Description, Third Party Advisory () https://labs.nettitude.com/blog/escaping-avast-sandbox-using-single-ioctl-cve-2016-4025/ - Technical Description, Third Party Advisory

Information

Published : 2016-11-03 10:59

Updated : 2024-11-21 02:51


NVD link : CVE-2016-4025

Mitre link : CVE-2016-4025

CVE.ORG link : CVE-2016-4025


JSON object : View

Products Affected

avast

  • file_server_security
  • business_security
  • endpoint_protection_plus
  • free_antivirus
  • pro_antivirus
  • endpoint_protection_suite
  • premier
  • endpoint_protection
  • email_server_security
  • endpoint_protection_suite_plus
  • internet_security
CWE
CWE-254

7PK - Security Features