Alwil Avast Antivirus vulnerabilities

CVE-2012-1443 [MEDIUM] CWE-264 CVE-2012-1443: The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 1 The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.

CVE-2012-1459 [MEDIUM] CWE-264 CVE-2012-1459: The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy La The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Ant

CVE-2012-1457 [MEDIUM] CWE-264 CVE-2012-1457: The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.13 The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Viru

CVE-2007-0829 [MEDIUM] CVE-2007-0829: avast! Server Edition before 4.7.726 does not demand a password in a certain intended context, even avast! Server Edition before 4.7.726 does not demand a password in a certain intended context, even when a password has been set, which allows local users to bypass authentication requirements.

CVE-2006-4626 [HIGH] CVE-2006-4626: Heap-based buffer overflow in alwil avast! Anti-virus Engine before 4.7.869 allows remote attackers Heap-based buffer overflow in alwil avast! Anti-virus Engine before 4.7.869 allows remote attackers to execute arbitrary code via a crafted LHA file that contains extended headers with file and directory names whose concatenation triggers the overflow.

CVE-2006-2869 [CRITICAL] CVE-2006-2869: Unspecified vulnerability in the CHM unpacker in avast! before 4.7.844 has unknown impact and remote Unspecified vulnerability in the CHM unpacker in avast! before 4.7.844 has unknown impact and remote attack vectors.

CVE-2006-1892 [MEDIUM] CVE-2006-1892: avast! 4 Linux Home Edition 1.0.5 allows local users to modify permissions of arbitrary files via a avast! 4 Linux Home Edition 1.0.5 allows local users to modify permissions of arbitrary files via a symlink attack on the /tmp/_avast4_ temporary directory.

CVE-2006-1355 [HIGH] CVE-2006-1355: avast! Antivirus 4.6.763 and earlier sets "BUILTIN\Everyone" permissions to critical system files in avast! Antivirus 4.6.763 and earlier sets "BUILTIN\Everyone" permissions to critical system files in the installation folder, which allows local users to gain privileges or disable protection by modifying those files.

CVE-2005-2385 [HIGH] CVE-2005-2385: Buffer overflow in a third-party compression library (UNACEV2.DLL), as used in avast! Antivirus Home Buffer overflow in a third-party compression library (UNACEV2.DLL), as used in avast! Antivirus Home/Professional Edition 4.6.665 and Server Edition 4.6.460, allows remote attackers to execute arbitrary code via an ACE archive containing a long filename.

CVE-2005-2384 [MEDIUM] CVE-2005-2384: Directory traversal vulnerability in a third-party compression library (UNACEV2.DLL), as used in ava Directory traversal vulnerability in a third-party compression library (UNACEV2.DLL), as used in avast! Antivirus Home/Professional Edition 4.6.665 and Server Edition 4.6.460, allows remote attackers to write arbitrary files via an ACE archive containing filenames with (1) .. or (2) absolute pathnames.

CVE-2005-1770 [HIGH] CWE-119 CVE-2005-1770: Buffer overflow in the Aavmker4 device driver in Avast! Antivirus 4.6 and possibly other versions al Buffer overflow in the Aavmker4 device driver in Avast! Antivirus 4.6 and possibly other versions allows local users to cause a denial of service (system crash) and possibly execute arbitrary code via certain signals combined with crafted input.

CVE-2005-1719 [HIGH] CVE-2005-1719: Unknown vulnerability in ALWIL avast! antivirus 4 (4.6.6230) and earlier, when running on Windows NT Unknown vulnerability in ALWIL avast! antivirus 4 (4.6.6230) and earlier, when running on Windows NT 4.0, does not properly detect certain viruses.