EIP-2026-114962

This exploit demonstrates a heap underflow vulnerability in Avira Antivirus's PE file parser. By crafting a malicious PE file with a section header containing a large relative virtual address, an attacker can trigger a memcpy operation that writes controlled data before the allocated heap buffer, leading to potential remote code execution as NT AUTHORITY\SYSTEM.