CVE-2016-4025

Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security v11.x.x, Endpoint Protection v8.x.x, Endpoint Protection Plus v8.x.x, Endpoint Protection Suite v8.x.x, Endpoint Protection Suite Plus v8.x.x, File Server Security v8.x.x, and Email Server Security v8.x.x allow attackers to bypass the DeepScreen feature via a DeviceIoControl call.
References
Link Resource
https://labs.nettitude.com/blog/escaping-avast-sandbox-using-single-ioctl-cve-2016-4025/ Technical Description Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:avast:business_security:11.1.2241:*:*:*:*:*:*:*
cpe:2.3:a:avast:business_security:11.1.2245:*:*:*:*:*:*:*
cpe:2.3:a:avast:business_security:11.1.2253:*:*:*:*:*:*:*
cpe:2.3:a:avast:business_security:11.1.2260:*:*:*:*:*:*:*
cpe:2.3:a:avast:business_security:11.1.2261:*:*:*:*:*:*:*
cpe:2.3:a:avast:business_security:11.1.2262:*:*:*:*:*:*:*
cpe:2.3:a:avast:free_antivirus:11.1.2241:*:*:*:*:*:*:*
cpe:2.3:a:avast:free_antivirus:11.1.2245:*:*:*:*:*:*:*
cpe:2.3:a:avast:free_antivirus:11.1.2253:*:*:*:*:*:*:*
cpe:2.3:a:avast:free_antivirus:11.1.2260:*:*:*:*:*:*:*
cpe:2.3:a:avast:free_antivirus:11.1.2261:*:*:*:*:*:*:*
cpe:2.3:a:avast:free_antivirus:11.1.2262:*:*:*:*:*:*:*
cpe:2.3:a:avast:internet_security:11.1.2241:*:*:*:*:*:*:*
cpe:2.3:a:avast:internet_security:11.1.2245:*:*:*:*:*:*:*
cpe:2.3:a:avast:internet_security:11.1.2253:*:*:*:*:*:*:*
cpe:2.3:a:avast:internet_security:11.1.2260:*:*:*:*:*:*:*
cpe:2.3:a:avast:internet_security:11.1.2261:*:*:*:*:*:*:*
cpe:2.3:a:avast:internet_security:11.1.2262:*:*:*:*:*:*:*
cpe:2.3:a:avast:premier:11.1.2241:*:*:*:*:*:*:*
cpe:2.3:a:avast:premier:11.1.2245:*:*:*:*:*:*:*
cpe:2.3:a:avast:premier:11.1.2253:*:*:*:*:*:*:*
cpe:2.3:a:avast:premier:11.1.2260:*:*:*:*:*:*:*
cpe:2.3:a:avast:premier:11.1.2261:*:*:*:*:*:*:*
cpe:2.3:a:avast:premier:11.1.2262:*:*:*:*:*:*:*
cpe:2.3:a:avast:pro_antivirus:11.1.2241:*:*:*:*:*:*:*
cpe:2.3:a:avast:pro_antivirus:11.1.2245:*:*:*:*:*:*:*
cpe:2.3:a:avast:pro_antivirus:11.1.2253:*:*:*:*:*:*:*
cpe:2.3:a:avast:pro_antivirus:11.1.2260:*:*:*:*:*:*:*
cpe:2.3:a:avast:pro_antivirus:11.1.2261:*:*:*:*:*:*:*
cpe:2.3:a:avast:pro_antivirus:11.1.2262:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:avast:email_server_security:*:*:*:*:*:*:*:*
cpe:2.3:a:avast:email_server_security:8.0.1606:*:*:*:*:*:*:*
cpe:2.3:a:avast:endpoint_protection:*:*:*:*:*:*:*:*
cpe:2.3:a:avast:endpoint_protection:8.0.1606:*:*:*:*:*:*:*
cpe:2.3:a:avast:endpoint_protection_plus:8.0.1606:*:*:*:*:*:*:*
cpe:2.3:a:avast:endpoint_protection_plus:8.0.1609:*:*:*:*:*:*:*
cpe:2.3:a:avast:endpoint_protection_suite:*:*:*:*:*:*:*:*
cpe:2.3:a:avast:endpoint_protection_suite:8.0.1606:*:*:*:*:*:*:*
cpe:2.3:a:avast:endpoint_protection_suite_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:avast:endpoint_protection_suite_plus:8.0.1606:*:*:*:*:*:*:*
cpe:2.3:a:avast:file_server_security:*:*:*:*:*:*:*:*
cpe:2.3:a:avast:file_server_security:8.0.1606:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-11-03 10:59

Updated : 2024-02-28 15:21


NVD link : CVE-2016-4025

Mitre link : CVE-2016-4025

CVE.ORG link : CVE-2016-4025


JSON object : View

Products Affected

avast

  • pro_antivirus
  • endpoint_protection
  • premier
  • business_security
  • free_antivirus
  • internet_security
  • endpoint_protection_suite
  • endpoint_protection_suite_plus
  • endpoint_protection_plus
  • email_server_security
  • file_server_security
CWE
CWE-254

7PK - Security Features