AVAST vulnerabilities

High Vulnerabilities

Vulnerability Summary for CVE-2009-3522
Original release date:10/01/2009
Last revised:10/02/2009
Source: US-CERT/NIST
Overview

Stack-based buffer overflow in aswMon2.sys in avast! Home and
Professional for Windows 4.8.1351, and possibly other versions before
4.8.1356, allows local users to cause a denial of service (system crash)
and possibly gain privileges via a crafted IOCTL request to IOCTL
0xb2c80018.
http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-3522

Vulnerability Summary for CVE-2009-3524
Original release date:10/01/2009
Last revised:10/05/2009
Source: US-CERT/NIST
Overview

Unspecified vulnerability in ashWsFtr.dll in avast! Home and
Professional for Windows before 4.8.1356 has unknown impact and local
attack vectors.
http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-3524

MEDIUM IMPACT:

Vulnerability Summary for CVE-2009-3523
Original release date:10/01/2009
Last revised:10/05/2009
Source: US-CERT/NIST
Overview

aavmKer4.sys in avast! Home and Professional for Windows before 4.8.1356
does not properly validate input to IOCTLs (1) 0xb2d6000c and (2)
0xb2d60034, which allows local users to gain privileges via IOCTL
requests using crafted kernel addresses that trigger memory corruption,
a different vulnerability than CVE-2008-1625.
http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-3523

Additional vulnerabilities not specific to AVAST may be found he
http://securitytracker.com/archives/...ingos/218.html

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---