Credit:
The information has been provided by Maxim A. Kulakov.
Vulnerable Systems:
* Avast! Professional Edition version 4.8.1356 and prior
* Avast! Home Edition 4.8.1356 and prior
Immune Systems:
* Avast! Professional Edition version 5
* Avast! Home Edition 5
Vulnerability #1
Local privilege escalation. A local attacker (an unprivileged user) can modify the file %Program Files%\Alwil Software\Avast4\Data\avast4.ini. The "ISAPIFilter1" parameter in avast4.ini contains the file name or full path of the ISAPI filter module, originally "ashWsFtr.dll". An attacker can replace the original path with the path to the attacker's malicious dynamic library (DLL). After a restart, the attacker's DLL will be loaded with SYSTEM privileges.
Vulnerability #2
Denial of service. A local attacker (an unprivileged user) can cause a denial-of-service condition in Avast! by deleting the file %Program Files%\Alwil Software\Avast4\Data\400.vps. After a system restart, all Avast! modules fail to load.
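A defensive check for the two conditions described above, added here as an example and not part of the original advisory: it lists ACL entries that give ordinary users write or delete access to the Data directory, avast4.ini and 400.vps, and reports the current ISAPIFilter1 value. The install path under %ProgramFiles% and all variable names are assumptions.

```powershell
# Added example (not from the advisory). Assumption: default install path.
$dataDir = Join-Path $env:ProgramFiles 'Alwil Software\Avast4\Data'
$ini     = Join-Path $dataDir 'avast4.ini'
$targets = @($dataDir, $ini, (Join-Path $dataDir '400.vps'))

# Well-known SIDs that include ordinary, unprivileged local users.
$lowPriv = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that allow changing or deleting a file (or a directory's children),
# plus GENERIC_WRITE and GENERIC_ALL, which can appear unmapped in some ACEs.
$fsr  = [System.Security.AccessControl.FileSystemRights]
$mask = [int]($fsr::WriteData -bor $fsr::AppendData -bor $fsr::Delete -bor
              $fsr::DeleteSubdirectoriesAndFiles -bor $fsr::ChangePermissions -bor
              $fsr::TakeOwnership) -bor 0x40000000 -bor 0x10000000

$findings = foreach ($path in $targets) {
    if (-not (Test-Path -LiteralPath $path)) { Write-Warning "Missing: $path"; continue }
    foreach ($ace in (Get-Acl -LiteralPath $path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }   # identity could not be mapped to a SID
        if ($lowPriv.ContainsKey($sid) -and ([int]$ace.FileSystemRights -band $mask)) {
            [pscustomobject]@{ Path = $path; Principal = $lowPriv[$sid]; Rights = $ace.FileSystemRights }
        }
    }
}
$findings | Format-Table -AutoSize -Wrap

# Report the module the ISAPIFilter1 parameter points at; the advisory gives
# ashWsFtr.dll as the original value.
if (Test-Path -LiteralPath $ini) {
    Select-String -Path $ini -Pattern '^\s*ISAPIFilter1\s*=\s*(.+)$' | ForEach-Object {
        $value = $_.Matches[0].Groups[1].Value.Trim().Trim('"')
        if ((Split-Path -Leaf $value) -ne 'ashWsFtr.dll') {
            Write-Warning "ISAPIFilter1 points at an unexpected module: $value"
        } else {
            "ISAPIFilter1 = $value"
        }
    }
}
```

Any row in the table means an unprivileged account can alter or remove a file that Avast! depends on at startup. A full path in ISAPIFilter1 that still ends in ashWsFtr.dll is printed without a warning and should be reviewed by hand.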
CVE Information:
Vulnerability #1 CVE-2009-3524
Disclosure Timeline:
25/08/2009 Initial vendor notification. Secure contacts requested.
26/08/2009 Vendor response
06/10/2009 Vendor response regarding insecure permissions: "Vulnerability #2 is addressed in the upcoming avast v5.0 (due this November) but there are no plans to do anything about it in the current version (4.x branch)."
22/10/2009 Advisory released