Vulnerability Description
Heap-based buffer overflow in the Avast virtualization driver (aswSnx.sys) in Avast Internet Security, Pro Antivirus, Premier, and Free Antivirus before 11.1.2253 allows local users to gain privileges via a Unicode file path in an IOCTL request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Avast | Avast Free Antivirus | <= 11.1.2245 |
| Avast | Avast Internet Security | <= 11.1.2245 |
| Avast | Avast Premier | <= 11.1.2245 |
| Avast | Avast Pro Antivirus | <= 11.1.2245 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/135859/Avast-11.1.2245-Heap-Overflow.html (Exploit, Third Party Advisory, VDB Entry)
- http://seclists.org/fulldisclosure/2016/Feb/94 (Exploit, Mailing List, Third Party Advisory)
- http://www.securitytracker.com/id/1035093 (Third Party Advisory, VDB Entry)
- https://www.nettitude.co.uk/exploiting-a-kernel-paged-pool-buffer-overflow-in-av (Exploit)
FAQ
What is CVE-2015-8620?
CVE-2015-8620 is a vulnerability with a CVSS score of 7.8 (HIGH). Heap-based buffer overflow in the Avast virtualization driver (aswSnx.sys) in Avast Internet Security, Pro Antivirus, Premier, and Free Antivirus before 11.1.2253 allows local users to gain privileges...
How severe is CVE-2015-8620?
CVE-2015-8620 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-8620?
Check the references section above for vendor advisories and patch information. Affected products include Avast Free Antivirus, Avast Internet Security, Avast Premier, and Avast Pro Antivirus.