Heap-based buffer overflow in the Avast virtualization driver (aswSnx.sys) in Avast Internet Security, Pro Antivirus, Premier, and Free Antivirus before 11.1.2253 allows local users to gain privileges via a Unicode file path in an IOCTL request.
References
| Link | Resource |
|---|---|
| http://packetstormsecurity.com/files/135859/Avast-11.1.2245-Heap-Overflow.html | Exploit Third Party Advisory VDB Entry |
| http://seclists.org/fulldisclosure/2016/Feb/94 | Exploit Mailing List Third Party Advisory |
| http://www.securitytracker.com/id/1035093 | Third Party Advisory VDB Entry |
| https://www.nettitude.co.uk/exploiting-a-kernel-paged-pool-buffer-overflow-in-avast-virtualization-driver/ | Exploit |
Configurations
Configuration 1 (hide)
|
History
26 Mar 2021, 20:37
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 7.8 |
| References | (FULLDISC) http://seclists.org/fulldisclosure/2016/Feb/94 - Exploit, Mailing List, Third Party Advisory | |
| References | (SECTRACK) http://www.securitytracker.com/id/1035093 - Third Party Advisory, VDB Entry | |
| References | (MISC) http://packetstormsecurity.com/files/135859/Avast-11.1.2245-Heap-Overflow.html - Exploit, Third Party Advisory, VDB Entry |
Information
Published : 2016-04-13 14:59
Updated : 2023-12-10 11:46
NVD link : CVE-2015-8620
Mitre link : CVE-2015-8620
CVE.ORG link : CVE-2015-8620
JSON object : View
Products Affected
avast
- avast_pro_antivirus
- avast_premier
- avast_internet_security
- avast_free_antivirus
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer