Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-3522

CWE-119 — Buffer Overflow4 documents4 sources

Severity

7.2HIGH

EPSS

0.5%

top 33.69%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Avast Avast Antivirus Home Avast Avast Antivirus Professional

Timeline

PublishedOct 1

Latest updateMay 2

Description

Stack-based buffer overflow in aswMon2.sys in avast! Home and Professional for Windows 4.8.1351, and possibly other versions before 4.8.1356, allows local users to cause a denial of service (system crash) and possibly gain privileges via a crafted IOCTL request to IOCTL 0xb2c80018.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶NVDavast/avast_antivirus_home4.8.1351

▶NVDavast/avast_antivirus_professional4.8.1351

🔴Vulnerability Details

GHSA

GHSA-3r45-7993-xcwr: Stack-based buffer overflow in aswMon2↗2022-05-02

▶

CVEList

CVE-2009-3522: Stack-based buffer overflow in aswMon2↗2009-10-01

▶

💥Exploits & PoCs

Exploit-DB

Avast! 4.8.1351.0 AntiVirus - 'aswMon2.sys' Kernel Memory Corruption↗2009-11-17

▶