Strix
26.1K

CVE-2009-3523

UnknownEPSS 0.78%

Last modified

CVE-2009-3523 is a vulnerability of currently unknown severity. aavmKer4.sys in avast! Home and Professional for Windows before 4.8.1356 does not properly validate input to IOCTLs (1) 0xb2d6000c and (2) 0xb2d60034, which allows local users to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption, a different vulnerability than CVE-2008-1625.. EPSS estimates a 0.78% chance of exploitation in the next 30 days.

Description

aavmKer4.sys in avast! Home and Professional for Windows before 4.8.1356 does not properly validate input to IOCTLs (1) 0xb2d6000c and (2) 0xb2d60034, which allows local users to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption, a different vulnerability than CVE-2008-1625.

Metrics

EPSS Probability
0.78%

51.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
AvastAvast Antivirus Home<= 4.8.1351
AvastAvast Antivirus Home4.7.827
AvastAvast Antivirus Home4.7.844
AvastAvast Antivirus Home4.7.869
AvastAvast Antivirus Home4.7.1043
AvastAvast Antivirus Home4.7.1098
AvastAvast Antivirus Home4.8.1169
AvastAvast Antivirus Home4.8.1195
AvastAvast Antivirus Home4.8.1201
AvastAvast Antivirus Home4.8.1227
AvastAvast Antivirus Home4.8.1229
AvastAvast Antivirus Home4.8.1282
AvastAvast Antivirus Home4.8.1290
AvastAvast Antivirus Home4.8.1296
AvastAvast Antivirus Home4.8.1335
AvastAvast Antivirus Professional<= 4.8.1351
AvastAvast Antivirus Professional4.7.827
AvastAvast Antivirus Professional4.7.844
AvastAvast Antivirus Professional4.7.1043
AvastAvast Antivirus Professional4.7.1098
AvastAvast Antivirus Professional4.8.1169
AvastAvast Antivirus Professional4.8.1195
AvastAvast Antivirus Professional4.8.1201
AvastAvast Antivirus Professional4.8.1227
AvastAvast Antivirus Professional4.8.1229
AvastAvast Antivirus Professional4.8.1282
AvastAvast Antivirus Professional4.8.1290
AvastAvast Antivirus Professional4.8.1296
AvastAvast Antivirus Professional4.8.1335

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2009-3523?
aavmKer4.sys in avast! Home and Professional for Windows before 4.8.1356 does not properly validate input to IOCTLs (1) 0xb2d6000c and (2) 0xb2d60034, which allows local users to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption, a different vulnerability than CVE-2008-1625.
How severe is CVE-2009-3523?
Severity scoring for CVE-2009-3523 is pending analysis. The EPSS model estimates a 0.78% probability of exploitation in the next 30 days.
How do I fix CVE-2009-3523?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2009-3523?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST