Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-1625Antivirus Home vulnerability

CWE-2644 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
0.1%
top 75.57%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Avast Antivirus HomeAvast Antivirus Professional
Timeline
PublishedApr 2
Latest updateMay 1

Description

aavmker4.sys in avast! Home and Professional 4.7 for Windows does not properly validate input to IOCTL 0xb2d60030, which allows local users to gain privileges via certain IOCTL requests.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.1 | Impact: 10.0

Affected Packages2 packages

NVDavast/avast_antivirus_home5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-wr6q-9jvw-7c6w: aavmker42022-05-01
CVEList
CVE-2008-1625: aavmker42008-04-02

💥Exploits & PoCs

1
Exploit-DB
Avast! 4.7 - 'aavmker4.sys' Local Privilege Escalation2010-04-27
CVE-2008-1625 — Avast Antivirus Home vulnerability | cvebase