CVE-2008-1625

avast! Home and Professional 4.7 - Privilege Escalation

Title source: llm

Description

aavmker4.sys in avast! Home and Professional 4.7 for Windows does not properly validate input to IOCTL 0xb2d60030, which allows local users to gain privileges via certain IOCTL requests.

Exploits (1)

exploitdb WORKING POC

pythonlocalwindows

https://www.exploit-db.com/exploits/12406

View Code ZIP pw:eip

References (8)

[Vendor Advisory] http://secunia.com/advisories/29605

[Various Sources] http://www.avast.com/eng/avast-4-home_pro-revision-history.html

[Various Sources] http://www.trapkit.de/advisories/TKADV2008-002.txt

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/41527

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/490321/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/28502

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1019732

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/1034/references

Scores

EPSS 0.0008

EPSS Percentile 24.3%

Details

CWE

CWE-264

Status published

Products (9)

avast/avast_antivirus_home 4.7.827

avast/avast_antivirus_home 4.7.844

avast/avast_antivirus_home 4.7.869

avast/avast_antivirus_home 4.7.1043

avast/avast_antivirus_home 4.7.1098

avast/avast_antivirus_professional 4.7.827

avast/avast_antivirus_professional 4.7.844

avast/avast_antivirus_professional 4.7.1043

avast/avast_antivirus_professional 4.7.1098

Published Apr 02, 2008

Tracked Since Feb 18, 2026