CVE-2016-4025

{"id": "CVE-2016-4025", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2016-11-03T10:59:02.557", "references": [{"url": "https://labs.nettitude.com/blog/escaping-avast-sandbox-using-single-ioctl-cve-2016-4025/", "tags": ["Technical Description", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-254"}]}], "descriptions": [{"lang": "en", "value": "Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security v11.x.x, Endpoint Protection v8.x.x, Endpoint Protection Plus v8.x.x, Endpoint Protection Suite v8.x.x, Endpoint Protection Suite Plus v8.x.x, File Server Security v8.x.x, and Email Server Security v8.x.x allow attackers to bypass the DeepScreen feature via a DeviceIoControl call."}, {"lang": "es", "value": "Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security v11.x.x, Endpoint Protection v8.x.x, Endpoint Protection Plus v8.x.x, Endpoint Protection Suite v8.x.x, Endpoint Protection Suite Plus v8.x.x, File Server Security v8.x.x y Email Server Security v8.x.x permiten a atacantes eludir la funcionalidad DeepScreen a trav\u00e9s de una llamada DeviceIoControll."}], "lastModified": "2016-11-04T19:03:31.563", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:avast:business_security:11.1.2241:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD7F8F8F-B719-4507-9AED-FFB2C6548966"}, {"criteria": "cpe:2.3:a:avast:business_security:11.1.2245:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74137F72-BE60-40CE-8DDA-A3A537EE7F7F"}, {"criteria": "cpe:2.3:a:avast:business_security:11.1.2253:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28A89E27-EE44-42ED-947C-6CAAAF47DC3E"}, {"criteria": "cpe:2.3:a:avast:business_security:11.1.2260:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E684724-98FC-4383-A8E0-7ADA9DFB63C4"}, {"criteria": "cpe:2.3:a:avast:business_security:11.1.2261:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42B26560-F8DB-4DDA-B3CF-30AFE90C22C6"}, {"criteria": "cpe:2.3:a:avast:business_security:11.1.2262:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAB67D3F-9824-4176-B59B-E2BD28EC4C3F"}, {"criteria": "cpe:2.3:a:avast:free_antivirus:11.1.2241:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62607F64-4AA3-4286-8ACC-AF1AC98C9C31"}, {"criteria": "cpe:2.3:a:avast:free_antivirus:11.1.2245:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FDB3978-FF4A-49F6-84D2-323B8D92F3C5"}, {"criteria": "cpe:2.3:a:avast:free_antivirus:11.1.2253:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B3B5423-632F-4B1E-894E-746976D0BE4B"}, {"criteria": "cpe:2.3:a:avast:free_antivirus:11.1.2260:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C682E3D5-9051-490A-B091-7A7580970B86"}, {"criteria": "cpe:2.3:a:avast:free_antivirus:11.1.2261:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B408F0F-31F0-4D14-BC9D-B97568F86A09"}, {"criteria": "cpe:2.3:a:avast:free_antivirus:11.1.2262:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD2591E4-E203-4C17-B1F1-C1F61C5B3E3B"}, {"criteria": "cpe:2.3:a:avast:internet_security:11.1.2241:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "941EADBE-7A31-4281-8D8E-9CF39D919865"}, {"criteria": "cpe:2.3:a:avast:internet_security:11.1.2245:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0FFCEEA-55DC-4640-BA0F-8B1D44FD5017"}, {"criteria": "cpe:2.3:a:avast:internet_security:11.1.2253:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3EF50776-252D-44D4-B87B-4CEDBF533A61"}, {"criteria": "cpe:2.3:a:avast:internet_security:11.1.2260:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BB93D9E-98A1-4F3A-8796-9C2A4791B019"}, {"criteria": "cpe:2.3:a:avast:internet_security:11.1.2261:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "962B6E6C-1808-450D-921F-6B89FABBE71F"}, {"criteria": "cpe:2.3:a:avast:internet_security:11.1.2262:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EAE5C6E1-4F99-4B33-BBE3-D8E5B536AF51"}, {"criteria": "cpe:2.3:a:avast:premier:11.1.2241:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51C30573-F046-4FA7-87CB-355C848249A5"}, {"criteria": "cpe:2.3:a:avast:premier:11.1.2245:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45045184-5F6D-4878-B6A4-D3049FB73FB4"}, {"criteria": "cpe:2.3:a:avast:premier:11.1.2253:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA713EB7-F992-43AD-B59C-B237CB584BC8"}, {"criteria": "cpe:2.3:a:avast:premier:11.1.2260:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D1EB05A-EC69-4DAB-8514-DC0CEC62D594"}, {"criteria": "cpe:2.3:a:avast:premier:11.1.2261:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC05DA03-8761-4514-AD24-840E247B71B5"}, {"criteria": "cpe:2.3:a:avast:premier:11.1.2262:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1B25F32-1927-48D2-9211-97CD6C0CF648"}, {"criteria": "cpe:2.3:a:avast:pro_antivirus:11.1.2241:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA634DA9-F172-44A0-97B8-0813116FE7F0"}, {"criteria": "cpe:2.3:a:avast:pro_antivirus:11.1.2245:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17DCA49C-BFBD-43BC-925A-3100AA4FC6FE"}, {"criteria": "cpe:2.3:a:avast:pro_antivirus:11.1.2253:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30B89F5F-E2D6-40E3-8AAB-E8A3AECFC0FA"}, {"criteria": "cpe:2.3:a:avast:pro_antivirus:11.1.2260:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7FCC052-752E-4209-BD20-8B7FDEE8EB93"}, {"criteria": "cpe:2.3:a:avast:pro_antivirus:11.1.2261:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F400F9A3-27A3-439B-BC71-BF3E309CB3B7"}, {"criteria": "cpe:2.3:a:avast:pro_antivirus:11.1.2262:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0519F925-5B4E-48BD-9D0D-BDA59773F107"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:avast:email_server_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6E4BEE8-8F3E-48BA-ABB5-BD973988A65B", "versionEndIncluding": "8.0.1609"}, {"criteria": "cpe:2.3:a:avast:email_server_security:8.0.1606:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCE04B0A-4555-4745-A1DA-BC1C0697A9F8"}, {"criteria": "cpe:2.3:a:avast:endpoint_protection:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C0A3804-C553-4C1F-8829-9BE203C846E6", "versionEndIncluding": "8.0.1609"}, {"criteria": "cpe:2.3:a:avast:endpoint_protection:8.0.1606:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3286C3D1-22CA-4AE6-B928-4E3641DE9444"}, {"criteria": "cpe:2.3:a:avast:endpoint_protection_plus:8.0.1606:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A4FE625-9737-481F-B4D6-F5CD2E59BD5E"}, {"criteria": "cpe:2.3:a:avast:endpoint_protection_plus:8.0.1609:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C821158E-F617-450E-932E-9443CF4214B5"}, {"criteria": "cpe:2.3:a:avast:endpoint_protection_suite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA6FA8F9-E4B7-4BD6-8E06-A149621258A1", "versionEndIncluding": "8.0.1609"}, {"criteria": "cpe:2.3:a:avast:endpoint_protection_suite:8.0.1606:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1EB1F2FD-F5EA-47C3-AD62-8E75910B1262"}, {"criteria": "cpe:2.3:a:avast:endpoint_protection_suite_plus:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D56E3AA-DCA8-4ED8-8FA4-AF22EFD53E25", "versionEndIncluding": "8.0.1609"}, {"criteria": "cpe:2.3:a:avast:endpoint_protection_suite_plus:8.0.1606:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48365E94-3477-4662-951F-2E8A0B878BED"}, {"criteria": "cpe:2.3:a:avast:file_server_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4DC12C0-E975-4081-9727-C0A2C7697228", "versionEndIncluding": "8.0.1609"}, {"criteria": "cpe:2.3:a:avast:file_server_security:8.0.1606:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A134B646-A38A-4B78-AEAE-EB635BFC3501"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}