CVE-2009-3523

avast! Home and Professional < 4.8.1356 - Local Privilege Escalation via IOCTL Input Validation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3523.

AI-analyzed exploit summary This is a functional privilege escalation exploit targeting a vulnerability in avast! 4.7's aavmker4.sys driver. It leverages arbitrary memory writes and function pointer manipulation to execute a ring0 payload, ultimately spawning a bindshell on port 4444.

Description

aavmKer4.sys in avast! Home and Professional for Windows before 4.8.1356 does not properly validate input to IOCTLs (1) 0xb2d6000c and (2) 0xb2d60034, which allows local users to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption, a different vulnerability than CVE-2008-1625.

Exploits (1)

exploitdb WORKING POC

pythonlocalwindows

https://www.exploit-db.com/exploits/12406

View Code ZIP pw:eip

This is a functional privilege escalation exploit targeting a vulnerability in avast! 4.7's aavmker4.sys driver. It leverages arbitrary memory writes and function pointer manipulation to execute a ring0 payload, ultimately spawning a bindshell on port 4444.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: avast! 4.7 (aavmker4.sys)

No auth needed

Prerequisites: avast! 4.7 installed on Windows XP SP2/SP3 · DEP enabled

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1211 - Exploitation for Defense Evasion

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit x_refsource_misc

http://www.ntinternals.org/ntiadv0904/ntiadv0904.html

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6024

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/36858

Various Sources x_refsource_confirm

http://www.avast.com/eng/avast-4-home_pro-revision-history.html

Scores

EPSS 0.0078

EPSS Percentile 51.1%

Details

CWE

CWE-20

Status published

Products (29)

avast/avast_antivirus_home 4.7.827

avast/avast_antivirus_home 4.7.844

avast/avast_antivirus_home 4.7.869

avast/avast_antivirus_home 4.7.1043

avast/avast_antivirus_home 4.7.1098

avast/avast_antivirus_home 4.8.1169

avast/avast_antivirus_home 4.8.1195

avast/avast_antivirus_home 4.8.1201

avast/avast_antivirus_home 4.8.1227

avast/avast_antivirus_home 4.8.1229

... and 19 more

Published Oct 01, 2009

Tracked Since Feb 18, 2026