CVE-2010-0705

Name: CVE-2010-0705
Creator: NVD / NIST
Published: 2010-02-25T18:30:00.377+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.93%

Last modified Jun 16, 2026

CVE-2010-0705 is a vulnerability of currently unknown severity. Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 running on Windows 2000 and XP does not properly validate input to IOCTL 0xb2d60030, which allows local users to cause a denial of service (system crash) or execute arbitrary code to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption.. EPSS estimates a 0.93% chance of exploitation in the next 30 days.

Description

Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 running on Windows 2000 and XP does not properly validate input to IOCTL 0xb2d60030, which allows local users to cause a denial of service (system crash) or execute arbitrary code to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption.

Metrics

EPSS Probability

0.93%

56.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-20

Affected Software

Vendor	Product	Versions
Avast	Avast Antivirus Home	<= 5.0.396.0
Avast	Avast Antivirus Home	4.8.1169
Avast	Avast Antivirus Home	4.8.1195
Avast	Avast Antivirus Home	4.8.1201
Avast	Avast Antivirus Home	4.8.1227
Avast	Avast Antivirus Home	4.8.1229
Avast	Avast Antivirus Home	4.8.1282
Avast	Avast Antivirus Home	4.8.1290
Avast	Avast Antivirus Home	4.8.1296
Avast	Avast Antivirus Home	4.8.1335
Avast	Avast Antivirus Home	4.8.1351
Avast	Avast Antivirus Home	4.8.1368.0
Avast	Avast Antivirus Professional	<= 5.0.396.0
Avast	Avast Antivirus Professional	4.8.1169
Avast	Avast Antivirus Professional	4.8.1195
Avast	Avast Antivirus Professional	4.8.1201
Avast	Avast Antivirus Professional	4.8.1227
Avast	Avast Antivirus Professional	4.8.1229
Avast	Avast Antivirus Professional	4.8.1282
Avast	Avast Antivirus Professional	4.8.1290
Avast	Avast Antivirus Professional	4.8.1296
Avast	Avast Antivirus Professional	4.8.1335
Avast	Avast Antivirus Professional	4.8.1351
Avast	Avast Antivirus Professional	4.8.1356.0
Avast	Avast Antivirus Professional	4.8.1368.0

References

http://forum.avast.com/index.php?topic=55484.0Vendor Advisory
http://osvdb.org/62510
http://secunia.com/advisories/38677Vendor Advisory
http://secunia.com/advisories/38689Vendor Advisory
http://www.securityfocus.com/archive/1/509710/100/0/threaded
http://www.securityfocus.com/bid/38363
http://www.securitytracker.com/id?1023644
http://www.trapkit.de/advisories/TKADV2010-003.txt
http://www.vupen.com/english/advisories/2010/0449Vendor Advisory
http://forum.avast.com/index.php?topic=55484.0Vendor Advisory
http://osvdb.org/62510
http://secunia.com/advisories/38677Vendor Advisory
http://secunia.com/advisories/38689Vendor Advisory
http://www.securityfocus.com/archive/1/509710/100/0/threaded
http://www.securityfocus.com/bid/38363
http://www.securitytracker.com/id?1023644
http://www.trapkit.de/advisories/TKADV2010-003.txt
http://www.vupen.com/english/advisories/2010/0449Vendor Advisory

Timeline

Published: Feb 25, 2010
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2010-0705?

How severe is CVE-2010-0705?

Severity scoring for CVE-2010-0705 is pending analysis. The EPSS model estimates a 0.93% probability of exploitation in the next 30 days.

How do I fix CVE-2010-0705?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2010-0705?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST