Vigil@nce - Avast: escape from Sandbox
May 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use an IOCTL of Avast, in order to create a file
from an application protected by the sandbox.
Impacted products: Avast AV.
Severity: 1/4.
Creation date: 21/04/2016.
DESCRIPTION OF THE VULNERABILITY
The Avast product installs the aswSnx.sys (Avast Virtualization)
driver, which offers a Sandbox service to jail applications.
However, using snxhk.dll and the IOCTL 0x82AC0168, an attacker can
escape from jail, to create a file.
An attacker can therefore use an IOCTL of Avast, in order to
create a file from an application protected by the sandbox.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Avast-escape-from-Sandbox-19429