Avast Antivirus vulnerabilities

9 known vulnerabilities affecting avast/avast_antivirus.

Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 2, MEDIUM 5

Vulnerabilities

CVE-2023-1586 | MEDIUM | CVSS 4.7 | ≥ 22.5, ≤ 22.10 | 2023-04-19
CWE-367. Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the restore process leading to arbitrary file creation. The issue was fixed with Avast and AVG Antivirus version 22.11.
cvelistv5, nvd
CVE-2023-1587 | MEDIUM | CVSS 5.5 | ≥ 22.5, ≤ 22.10 | 2023-04-19
CWE-476. Avast and AVG Antivirus for Windows were susceptible to a NULL pointer dereference issue via RPC-interface. The issue was fixed with Avast and AVG Antivirus version 22.11.
cvelistv5, nvd
CVE-2023-1585 | MEDIUM | CVSS 6.3 | ≥ 22.5, ≤ 22.10 | 2023-04-19
CWE-367. Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the Quarantine process, leading to arbitrary file/directory deletion. The issue was fixed with Avast and AVG Antivirus version 22.11 and virus definitions from 14 February 2023 or later.
cvelistv5, nvd
CVE-2015-5662 | MEDIUM | CVSS 6.4 | ≤ 151017-1 | 2015-10-18
CWE-22. Directory traversal vulnerability in Avast before 150918-0 allows remote attackers to delete or write to arbitrary files via a crafted entry in a ZIP archive.
nvd
CVE-2008-6846 | MEDIUM | CVSS 6.8 | v1.0.5, v1.0.5-1, +1 more | 2009-07-02
CWE-119. Multiple stack-based buffer overflows in avast! Linux Home Edition 1.0.5, 1.0.5-1, and 1.0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via a malformed (1) ISO or (2) RPM file.
nvd
CVE-2008-5523 | CRITICAL | CVSS 9.3 | v4.8.1281.0 | 2008-12-12
avast! antivirus 4.8.1281.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745
nvd
CVE-2007-2845 | CRITICAL | CVSS 9.3 | ≤ 4.6.394, ≤ 4.7.652 | 2007-05-24
Heap-based buffer overflow in the CAB unpacker in avast! Anti-Virus Managed Client before 4.7.700 allows user-assisted remote attackers to execute arbitrary code via a crafted CAB archive, resulting from an "integer cast around".
nvd
CVE-2007-1673 | HIGH | CVSS 7.8 | ≤ 4.7.980, v4.6.394, +2 more | 2007-05-09
CWE-399. unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
nvd
CVE-2007-1672 | HIGH | CVSS 7.8 | ≤ 4.7.980 | 2007-05-09
avast! antivirus before 4.7.981 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
nvd