Vulnerability Description
Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security v11.x.x, Endpoint Protection v8.x.x, Endpoint Protection Plus v8.x.x, Endpoint Protection Suite v8.x.x, Endpoint Protection Suite Plus v8.x.x, File Server Security v8.x.x, and Email Server Security v8.x.x allow attackers to bypass the DeepScreen feature via a DeviceIoControl call.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Avast | Business Security | 11.1.2241 |
| Avast | Free Antivirus | 11.1.2241 |
| Avast | Internet Security | 11.1.2241 |
| Avast | Premier | 11.1.2241 |
| Avast | Pro Antivirus | 11.1.2241 |
| Avast | Email Server Security | <= 8.0.1609 |
| Avast | Endpoint Protection | <= 8.0.1609 |
| Avast | Endpoint Protection Plus | 8.0.1606 |
| Avast | Endpoint Protection Suite | <= 8.0.1609 |
| Avast | Endpoint Protection Suite Plus | <= 8.0.1609 |
| Avast | File Server Security | <= 8.0.1609 |
Related Weaknesses (CWE)
References
- https://labs.nettitude.com/blog/escaping-avast-sandbox-using-single-ioctl-cve-20Technical DescriptionThird Party Advisory
- https://labs.nettitude.com/blog/escaping-avast-sandbox-using-single-ioctl-cve-20Technical DescriptionThird Party Advisory
FAQ
What is CVE-2016-4025?
CVE-2016-4025 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security v11.x.x, Endpoint Protection v8.x.x, Endpoint Protection Plus v8.x.x, Endpoint Protec...
How severe is CVE-2016-4025?
CVE-2016-4025 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-4025?
Check the references section above for vendor advisories and patch information. Affected products include: Avast Business Security, Avast Free Antivirus, Avast Internet Security, Avast Premier, Avast Pro Antivirus.