Vulnerability Description
Stack-based buffer overflow in aswMon2.sys in avast! Home and Professional for Windows 4.8.1351, and possibly other versions before 4.8.1356, allows local users to cause a denial of service (system crash) and possibly gain privileges via a crafted IOCTL request to IOCTL 0xb2c80018.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Avast | Avast Antivirus Home | 4.8.1351 |
| Avast | Avast Antivirus Professional | 4.8.1351 |
Related Weaknesses (CWE)
References
- http://osvdb.org/58402
- http://secunia.com/advisories/36858 (Vendor Advisory)
- http://www.avast.com/eng/avast-4-home_pro-revision-history.html (Vendor Advisory)
- http://www.securityfocus.com/archive/1/506681/100/0/threaded
- http://www.securityfocus.com/bid/36507 (Exploit)
- http://www.securitytracker.com/id?1022940
- http://www.vupen.com/english/advisories/2009/2761 (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53456
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://www.evilfingers.com/advisory/Advisory/Avast_aswMon2.sys_kernel_memory_co (Exploit)
FAQ
What is CVE-2009-3522?
CVE-2009-3522 is a vulnerability with a CVSS score of 7.2 (HIGH). Stack-based buffer overflow in aswMon2.sys in avast! Home and Professional for Windows 4.8.1351, and possibly other versions before 4.8.1356, allows local users to cause a denial of service (system cr...
How severe is CVE-2009-3522?
CVE-2009-3522 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-3522?
Check the references section above for vendor advisories and patch information. Affected products include: Avast Antivirus Home and Avast Antivirus Professional.