Vulnerability Description
Heap-based buffer overflow in aswRdr.sys (aka the TDI RDR driver) in avast! Home and Professional 4.8.1356.0 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted arguments to IOCTL 0x80002024.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Avast | Avast Antivirus Home | 4.8.1356.0 |
| Avast | Avast Antivirus Professional | 4.8.1356.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/37368Vendor Advisory
- http://www.efblog.net/2009/11/avast-aswrdrsys-kernel-pool-corruption.html
- http://www.securityfocus.com/archive/1/507891/100/0/threaded
- http://www.securityfocus.com/bid/37031Exploit
- http://www.vupen.com/english/advisories/2009/3266Vendor Advisory
- https://www.evilfingers.com/advisory/Advisory/Avast_aswRdr_sys_Kernel_Pool_Corru
- http://secunia.com/advisories/37368Vendor Advisory
- http://www.efblog.net/2009/11/avast-aswrdrsys-kernel-pool-corruption.html
- http://www.securityfocus.com/archive/1/507891/100/0/threaded
- http://www.securityfocus.com/bid/37031Exploit
- http://www.vupen.com/english/advisories/2009/3266Vendor Advisory
- https://www.evilfingers.com/advisory/Advisory/Avast_aswRdr_sys_Kernel_Pool_Corru
FAQ
What is CVE-2009-4049?
CVE-2009-4049 is a vulnerability with a CVSS score of 7.2 (HIGH). Heap-based buffer overflow in aswRdr.sys (aka the TDI RDR driver) in avast! Home and Professional 4.8.1356.0 allows local users to cause a denial of service (memory corruption) or possibly gain privil...
How severe is CVE-2009-4049?
CVE-2009-4049 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-4049?
Check the references section above for vendor advisories and patch information. Affected products include: Avast Avast Antivirus Home, Avast Avast Antivirus Professional.