← Back

CVE-2009-3523

nvd nist
Published: Oct 1, 2009Modified: Apr 23, 2026

JSON object

Loading...
6.9
Vector
AV:L/AC:M/Au:N/C:C/I:C/A:C
Exploitability: 3.4 / Impact: 10.0
Source: NVD

Description

aavmKer4.sys in avast! Home and Professional for Windows before 4.8.1356 does not properly validate input to IOCTLs (1) 0xb2d6000c and (2) 0xb2d60034, which allows local users to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption, a different vulnerability than CVE-2008-1625.

Affected (29)

Avast
2 products
Avast Antivirus Home
Avast Antivirus Professional
Configuration A
29 vulnerable
Vulnerable SoftwareAffected Versions
Avast
Avast Antivirus Home
Up to 4.8.1351
Avast Antivirus Home
Version 4.7.1043
Avast Antivirus Home
Version 4.7.1098
Avast Antivirus Home
Version 4.7.827
Avast Antivirus Home
Version 4.7.844
Avast Antivirus Home
Version 4.7.869
Avast Antivirus Home
Version 4.8.1169
Avast Antivirus Home
Version 4.8.1195
Avast Antivirus Home
Version 4.8.1201
Avast Antivirus Home
Version 4.8.1227
Avast Antivirus Home
Version 4.8.1229
Avast Antivirus Home
Version 4.8.1282
Avast Antivirus Home
Version 4.8.1290
Avast Antivirus Home
Version 4.8.1296
Avast Antivirus Home
Version 4.8.1335
Avast
Avast Antivirus Professional
Up to 4.8.1351
Avast Antivirus Professional
Version 4.7.1043
Avast Antivirus Professional
Version 4.7.1098
Avast Antivirus Professional
Version 4.7.827
Avast Antivirus Professional
Version 4.7.844
Avast Antivirus Professional
Version 4.8.1169
Avast Antivirus Professional
Version 4.8.1195
Avast Antivirus Professional
Version 4.8.1201
Avast Antivirus Professional
Version 4.8.1227
Avast Antivirus Professional
Version 4.8.1229
Avast Antivirus Professional
Version 4.8.1282
Avast Antivirus Professional
Version 4.8.1290
Avast Antivirus Professional
Version 4.8.1296
Avast Antivirus Professional
Version 4.8.1335

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (8)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Exploit
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.