6.9
CVE-2009-3523
- EPSS 0.16%
- Published 01.10.2009 17:00:00
- Last modified 09.04.2025 00:30:58
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
aavmKer4.sys in avast! Home and Professional for Windows before 4.8.1356 does not properly validate input to IOCTLs (1) 0xb2d6000c and (2) 0xb2d60034, which allows local users to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption, a different vulnerability than CVE-2008-1625.
Data is provided by the National Vulnerability Database (NVD)
Avast ≫ Avast Antivirus Home Editionwindows Version <= 4.8.1351
Avast ≫ Avast Antivirus Home Version4.7.827 Editionwindows
Avast ≫ Avast Antivirus Home Version4.7.844 Editionwindows
Avast ≫ Avast Antivirus Home Version4.7.869 Editionwindows
Avast ≫ Avast Antivirus Home Version4.7.1043 Editionwindows
Avast ≫ Avast Antivirus Home Version4.7.1098 Editionwindows
Avast ≫ Avast Antivirus Home Version4.8.1169 Editionwindows
Avast ≫ Avast Antivirus Home Version4.8.1195 Editionwindows
Avast ≫ Avast Antivirus Home Version4.8.1201 Editionwindows
Avast ≫ Avast Antivirus Home Version4.8.1227 Editionwindows
Avast ≫ Avast Antivirus Home Version4.8.1229 Editionwindows
Avast ≫ Avast Antivirus Home Version4.8.1282 Editionwindows
Avast ≫ Avast Antivirus Home Version4.8.1290 Editionwindows
Avast ≫ Avast Antivirus Home Version4.8.1296 Editionwindows
Avast ≫ Avast Antivirus Home Version4.8.1335 Editionwindows
Avast ≫ Avast Antivirus Professional Editionwindows Version <= 4.8.1351
Avast ≫ Avast Antivirus Professional Version4.7.827 Editionwindows
Avast ≫ Avast Antivirus Professional Version4.7.844 Editionwindows
Avast ≫ Avast Antivirus Professional Version4.7.1043 Editionwindows
Avast ≫ Avast Antivirus Professional Version4.7.1098 Editionwindows
Avast ≫ Avast Antivirus Professional Version4.8.1169 Editionwindows
Avast ≫ Avast Antivirus Professional Version4.8.1195 Editionwindows
Avast ≫ Avast Antivirus Professional Version4.8.1201 Editionwindows
Avast ≫ Avast Antivirus Professional Version4.8.1227 Editionwindows
Avast ≫ Avast Antivirus Professional Version4.8.1229 Editionwindows
Avast ≫ Avast Antivirus Professional Version4.8.1282 Editionwindows
Avast ≫ Avast Antivirus Professional Version4.8.1290 Editionwindows
Avast ≫ Avast Antivirus Professional Version4.8.1296 Editionwindows
Avast ≫ Avast Antivirus Professional Version4.8.1335 Editionwindows
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.333 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.9 | 3.4 | 10 |
AV:L/AC:M/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.