CVE-2016-4025

Published: Nov 3, 2016Modified: May 6, 2026

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security v11.x.x, Endpoint Protection v8.x.x, Endpoint Protection Plus v8.x.x, Endpoint Protection Suite v8.x.x, Endpoint Protection Suite Plus v8.x.x, File Server Security v8.x.x, and Email Server Security v8.x.x allow attackers to bypass the DeepScreen feature via a DeviceIoControl call.

Affected (42)

Products: Avast: Business Security, Free Antivirus, Internet Security, Premier, Pro Antivirus, Email Server Security, Endpoint Protection, Endpoint Protection Plus, Endpoint Protection Suite, Endpoint Protection Suite Plus, File Server Security

11 products

Email Server Security

Endpoint Protection

Endpoint Protection Plus

Endpoint Protection Suite

Endpoint Protection Suite Plus

File Server Security

Configuration A

30 vulnerable

Vulnerable Software	Affected Versions
Avast Business Security	Version 11.1.2241
Avast Business Security	Version 11.1.2245
Avast Business Security	Version 11.1.2253
Avast Business Security	Version 11.1.2260
Avast Business Security	Version 11.1.2261
Avast Business Security	Version 11.1.2262
Avast Free Antivirus	Version 11.1.2241
Avast Free Antivirus	Version 11.1.2245
Avast Free Antivirus	Version 11.1.2253
Avast Free Antivirus	Version 11.1.2260
Avast Free Antivirus	Version 11.1.2261
Avast Free Antivirus	Version 11.1.2262
Avast Internet Security	Version 11.1.2241
Avast Internet Security	Version 11.1.2245
Avast Internet Security	Version 11.1.2253
Avast Internet Security	Version 11.1.2260
Avast Internet Security	Version 11.1.2261
Avast Internet Security	Version 11.1.2262
Avast Premier	Version 11.1.2241
Avast Premier	Version 11.1.2245
Avast Premier	Version 11.1.2253
Avast Premier	Version 11.1.2260
Avast Premier	Version 11.1.2261
Avast Premier	Version 11.1.2262
Avast Pro Antivirus	Version 11.1.2241
Avast Pro Antivirus	Version 11.1.2245
Avast Pro Antivirus	Version 11.1.2253
Avast Pro Antivirus	Version 11.1.2260
Avast Pro Antivirus	Version 11.1.2261
Avast Pro Antivirus	Version 11.1.2262

Configuration B

12 vulnerable

Vulnerable Software	Affected Versions
Avast Email Server Security	Up to 8.0.1609
Avast Email Server Security	Version 8.0.1606
Avast Endpoint Protection	Up to 8.0.1609
Avast Endpoint Protection	Version 8.0.1606
Avast Endpoint Protection Plus	Version 8.0.1606
Avast Endpoint Protection Plus	Version 8.0.1609
Avast Endpoint Protection Suite	Up to 8.0.1609
Avast Endpoint Protection Suite	Version 8.0.1606
Avast Endpoint Protection Suite Plus	Up to 8.0.1609
Avast Endpoint Protection Suite Plus	Version 8.0.1606
Avast File Server Security	Up to 8.0.1609
Avast File Server Security	Version 8.0.1606

Related CWEs

CWE-254

References (2)

https://labs.nettitude.com/blog/escaping-avast-sandbox-using-single-ioctl-cve-2016-4025/

Source: cve@mitre.org

Technical DescriptionThird Party Advisory

https://labs.nettitude.com/blog/escaping-avast-sandbox-using-single-ioctl-cve-2016-4025/

Source: af854a3a-2127-422b-91ae-364da2661108

Technical DescriptionThird Party Advisory

Timeline

No history available yet.