Exploitation Summary
EIP tracks 1 public exploit for CVE-2010-0705. PoCs published by ryujin.
AI-analyzed exploit summary: This exploit targets a privilege escalation vulnerability in avast! 4.7's aavmker4.sys driver by leveraging arbitrary memory writes and function pointer manipulation to execute a ring0 payload, ultimately spawning a bindshell on port 4444.
Description
Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 running on Windows 2000 and XP does not properly validate input to IOCTL 0xb2d60030, which allows local users to cause a denial of service (system crash) or execute arbitrary code to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption.