CVE-2010-0705

Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 running on Windows 2000 and XP does not properly validate input to IOCTL 0xb2d60030, which allows local users to cause a denial of service (system crash) or execute arbitrary code to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption.
Severity
UNKNOWN
AV:L/AC:L/Au:N/C:C/I:C/A:C
Atk. Vector
LOCAL
Atk. Complexity
LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
VendorProductVersion
avastavast_antivirus_home
𝑥
≤ 5.0.396.0
avastavast_antivirus_home
4.8.1169
avastavast_antivirus_home
4.8.1195
avastavast_antivirus_home
4.8.1201
avastavast_antivirus_home
4.8.1227
avastavast_antivirus_home
4.8.1229
avastavast_antivirus_home
4.8.1282
avastavast_antivirus_home
4.8.1290
avastavast_antivirus_home
4.8.1296
avastavast_antivirus_home
4.8.1335
avastavast_antivirus_home
4.8.1351
avastavast_antivirus_home
4.8.1368.0
avastavast_antivirus_professional
𝑥
≤ 5.0.396.0
avastavast_antivirus_professional
4.8.1169
avastavast_antivirus_professional
4.8.1195
avastavast_antivirus_professional
4.8.1201
avastavast_antivirus_professional
4.8.1227
avastavast_antivirus_professional
4.8.1229
avastavast_antivirus_professional
4.8.1282
avastavast_antivirus_professional
4.8.1290
avastavast_antivirus_professional
4.8.1296
avastavast_antivirus_professional
4.8.1335
avastavast_antivirus_professional
4.8.1351
avastavast_antivirus_professional
4.8.1356.0
avastavast_antivirus_professional
4.8.1368.0
𝑥
= Vulnerable software versions