CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Avast : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2010-3126 1 Exec Code 2010-08-26 2011-07-18
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in avast! Free Antivirus version 5.0.594 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc90loc.dll that is located in the same folder as an avast license (.avastlic) file.
2 CVE-2010-0705 20 DoS Exec Code +Priv Mem. Corr. 2010-02-25 2010-02-26
7.2
None Local Low Not required Complete Complete Complete
Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 running on Windows 2000 and XP does not properly validate input to IOCTL 0xb2d60030, which allows local users to cause a denial of service (system crash) or execute arbitrary code to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption.
3 CVE-2009-4049 119 DoS Overflow +Priv Mem. Corr. 2009-11-23 2009-11-24
7.2
None Local Low Not required Complete Complete Complete
Heap-based buffer overflow in aswRdr.sys (aka the TDI RDR driver) in avast! Home and Professional 4.8.1356.0 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted arguments to IOCTL 0x80002024.
4 CVE-2009-3524 2009-10-01 2010-08-21
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in ashWsFtr.dll in avast! Home and Professional for Windows before 4.8.1356 has unknown impact and local attack vectors.
5 CVE-2009-3523 20 +Priv Mem. Corr. 2009-10-01 2010-08-21
6.9
None Local Medium Not required Complete Complete Complete
aavmKer4.sys in avast! Home and Professional for Windows before 4.8.1356 does not properly validate input to IOCTLs (1) 0xb2d6000c and (2) 0xb2d60034, which allows local users to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption, a different vulnerability than CVE-2008-1625.
6 CVE-2009-3522 119 DoS Overflow +Priv 2009-10-01 2010-08-21
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in aswMon2.sys in avast! Home and Professional for Windows 4.8.1351, and possibly other versions before 4.8.1356, allows local users to cause a denial of service (system crash) and possibly gain privileges via a crafted IOCTL request to IOCTL 0xb2c80018.
7 CVE-2008-6846 119 DoS Exec Code Overflow 2009-07-02 2009-07-02
6.8
None Remote Medium Not required Partial Partial Partial
Multiple stack-based buffer overflows in avast! Linux Home Edition 1.0.5, 1.0.5-1, and 1.0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via a malformed (1) ISO or (2) RPM file.
8 CVE-2008-5523 20 Bypass 2008-12-12 2009-01-29
9.3
Admin Remote Medium Not required Complete Complete Complete
avast! antivirus 4.8.1281.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
9 CVE-2008-1625 264 +Priv 2008-04-02 2008-09-05
6.8
Admin Local Low Single system Complete Complete Complete
aavmker4.sys in avast! Home and Professional 4.7 for Windows does not properly validate input to IOCTL 0xb2d60030, which allows local users to gain privileges via certain IOCTL requests.
10 CVE-2007-6265 119 Overflow 2007-12-07 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in avast! 4 Home and Professional Editions before 4.7.1098 allows remote attackers to have an unknown impact via a crafted TAR archive.
11 CVE-2007-2845 Exec Code Overflow 2007-05-24 2012-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the CAB unpacker in avast! Anti-Virus Managed Client before 4.7.700 allows user-assisted remote attackers to execute arbitrary code via a crafted CAB archive, resulting from an "integer cast around".
12 CVE-2007-1673 399 DoS 2007-05-08 2008-11-21
7.8
None Remote Low Not required None None Complete
unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
13 CVE-2007-1672 DoS 2007-05-08 2012-11-05
7.8
None Remote Low Not required None None Complete
avast! antivirus before 4.7.981 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
Total number of vulnerabilities : 13   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.