CVE-2009-3522

avast! Home and Professional < 4.8.1356 - Local Privilege Escalation via IOCTL 0xb2c80018

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3522. PoCs published by Giuseppe.

AI-analyzed exploit summary This exploit targets a kernel memory corruption vulnerability in Avast 4.8.1351.0's aswMon2.sys driver via a crafted DeviceIoControl call. It allocates a buffer filled with 'A's and sends it to the driver, potentially causing a crash or arbitrary code execution.

Description

Stack-based buffer overflow in aswMon2.sys in avast! Home and Professional for Windows 4.8.1351, and possibly other versions before 4.8.1356, allows local users to cause a denial of service (system crash) and possibly gain privileges via a crafted IOCTL request to IOCTL 0xb2c80018.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Giuseppe · cdoswindows

https://www.exploit-db.com/exploits/10106

View Code ZIP pw:eip

This exploit targets a kernel memory corruption vulnerability in Avast 4.8.1351.0's aswMon2.sys driver via a crafted DeviceIoControl call. It allocates a buffer filled with 'A's and sends it to the driver, potentially causing a crash or arbitrary code execution.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Theoretical

Target: Avast Antivirus 4.8.1351.0

No auth needed

Prerequisites: Access to the system with Avast 4.8.1351.0 installed · Ability to execute code on the target system

MITRE ATT&CK