CVE-2009-3522

Avast Antivirus Home - Memory Corruption

Title source: rule

Description

Stack-based buffer overflow in aswMon2.sys in avast! Home and Professional for Windows 4.8.1351, and possibly other versions before 4.8.1356, allows local users to cause a denial of service (system crash) and possibly gain privileges via a crafted IOCTL request to IOCTL 0xb2c80018.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Giuseppe · cdoswindows

https://www.exploit-db.com/exploits/10106

View Code ZIP pw:eip

References (10)

[Vendor Advisory] http://secunia.com/advisories/36858

[Vendor Advisory] http://www.avast.com/eng/avast-4-home_pro-revision-history.html

[Exploit] http://www.securityfocus.com/bid/36507

[Vendor Advisory] http://www.vupen.com/english/advisories/2009/2761

[Exploit] https://www.evilfingers.com/advisory/Advisory/Avast_aswMon2.sys_kernel_memory_corruption_and_Local_Privilege_Escalation.php

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/506681/100/0/threaded

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/53456

[Third Party Advisory, VDB Entry] http://osvdb.org/58402

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6226

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1022940

Scores

EPSS 0.0044

EPSS Percentile 63.1%

Details

CWE

CWE-119

Status published

Products (2)

avast/avast_antivirus_home 4.8.1351

avast/avast_antivirus_professional 4.8.1351

Published Oct 01, 2009

Tracked Since Feb 18, 2026