
Monday, February 22, 2016

[FD] Avast Virtualization Driver - Elevation Of Privileges

* CVE: CVE-2015-8620
* Vendor: Avast
* Reported by: Kyriakos Economou
* Date of Release: 17/02/2016
* Affected Products: Multiple
* Affected Version: <= v11.1.2245
* Fixed Version: v11.1.2253

Description:

A heap overflow bug in the Avast Virtualization kernel mode driver (aswSnx.sys) allows a local attacker to elevate his privileges from any account type and execute code as SYSTEM.

Affected Products:

* Avast Internet Security v11.1.2245
* Avast Pro Antivirus v11.1.2245
* Avast Premier v11.1.2245
* Avast Free Antivirus v11.1.2245

Earlier versions of these products are affected as well.

Technical Details:

The Avast virtualization kernel mode driver (aswSnx.sys) does not validate the length of absolute Unicode file paths in some of the IOCTL requests that it receives from userland, which are later copied into fixed-length paged pool memory allocations. This allows an attacker to corrupt a kernel object that the attacker controls, and execute code as SYSTEM.

Example:

    kd> !pool a8f45816
    Pool page a8f45816 region is Paged pool
    a8f45000 size: 418 previous size: 0 (Allocated) Dire (Protected)
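The bug class described under Technical Details comes down to one missing bounds check before a copy into a fixed-size buffer. The following is an added example, not code from the advisory or from Avast: a user-mode C model of a length-prefixed UTF-16 path request being validated before it is copied. The request layout, the 0x400-byte destination size and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical fixed-size destination, standing in for the pool allocation. */
#define PATH_SLOT_BYTES 0x400

enum { COPY_OK = 0, ERR_TRUNCATED = -1, ERR_ODD_LENGTH = -2, ERR_TOO_LONG = -3 };

/* Constructed request layout (assumption): 2-byte byte count, then that many
 * bytes of UTF-16 path data, no terminator. in/in_len model the IOCTL input. */
int copy_path_checked(const uint8_t *in, size_t in_len,
                      uint16_t *dst, size_t dst_bytes)
{
    uint16_t claimed;

    if (in == NULL || dst == NULL || in_len < sizeof claimed)
        return ERR_TRUNCATED;
    /* Read the length once into a local; never re-read it from the caller. */
    memcpy(&claimed, in, sizeof claimed);
    if (claimed % sizeof(uint16_t) != 0)
        return ERR_ODD_LENGTH;
    /* The length field must not exceed what the caller actually supplied. */
    if (claimed > in_len - sizeof claimed)
        return ERR_TRUNCATED;
    /* The kind of check the advisory reports as absent: the path plus its
     * terminator must fit the fixed-size destination before any copy. */
    if (dst_bytes < sizeof(uint16_t) || claimed > dst_bytes - sizeof(uint16_t))
        return ERR_TOO_LONG;

    memcpy(dst, in + sizeof claimed, claimed);
    dst[claimed / sizeof(uint16_t)] = 0;
    return COPY_OK;
}

/* Builds a constructed request and runs it through the checked copy. */
int try_request(uint16_t claimed_bytes, size_t supplied_bytes)
{
    static uint8_t in[sizeof(uint16_t) + 4096];
    uint16_t slot[PATH_SLOT_BYTES / sizeof(uint16_t)];

    if (supplied_bytes > 4096)
        return ERR_TRUNCATED;
    memcpy(in, &claimed_bytes, sizeof claimed_bytes);
    memset(in + sizeof claimed_bytes, 'A', supplied_bytes);
    return copy_path_checked(in, sizeof claimed_bytes + supplied_bytes,
                             slot, sizeof slot);
}
```

A request whose path fills the slot exactly, leaving room for the terminator, is accepted; anything longer is rejected before the copy rather than truncated silently.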
