Vigil@nce: Avast, privilege elevation via aswMon
August 2009 by Vigil@nce
A local attacker can generate an overflow in the aswMon driver of
Avast, in order to obtain system privileges.
Severity: 2/4
Consequences: administrator access/rights
Provenance: user shell
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 24/08/2009
IMPACTED PRODUCTS
– Avast antivirus
DESCRIPTION OF THE VULNERABILITY
The Avast antivirus uses the driver \system32\drivers\aswMon.sys
to monitor access to files. This driver can be reached via
"\\.\aswMon".
Its IOCTL 0xb2c8000c does not correctly check the size of the
supplied data, which leads to a buffer overflow.
A local attacker can therefore generate an overflow in the aswMon
driver of Avast, in order to obtain system privileges.
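The following is an added example, not code from the advisory or from Avast: it decodes the IOCTL code given above using the standard Windows CTL_CODE bit layout and models a handler that checks the supplied length before copying. The names handle_request and REQ_MAX and the 64-byte size are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Windows CTL_CODE layout:
 * DeviceType[31:16] | Access[15:14] | Function[13:2] | Method[1:0] */
struct ioctl_fields {
    uint32_t device_type;
    uint32_t access;   /* 0 = FILE_ANY_ACCESS */
    uint32_t function;
    uint32_t method;   /* 0 = METHOD_BUFFERED, 3 = METHOD_NEITHER */
};

struct ioctl_fields decode_ioctl(uint32_t code)
{
    struct ioctl_fields f;
    f.device_type = code >> 16;
    f.access      = (code >> 14) & 0x3u;
    f.function    = (code >> 2) & 0xFFFu;
    f.method      = code & 0x3u;
    return f;
}

/* Hypothetical fixed-size request buffer; the advisory does not
 * describe the driver's real structures or sizes. */
#define REQ_MAX 64

/* Model of a handler that validates the caller-supplied length
 * before copying. Returns 0 on success, -1 if the length is rejected. */
int handle_request(const void *in, size_t in_len,
                   uint8_t out[REQ_MAX], size_t *out_len)
{
    if (in == NULL || out_len == NULL || in_len == 0 || in_len > REQ_MAX)
        return -1;              /* reject before any copy happens */
    memcpy(out, in, in_len);
    *out_len = in_len;
    return 0;
}

int main(void)
{
    struct ioctl_fields f = decode_ioctl(0xb2c8000cu); /* code from the advisory */
    printf("device=0x%x access=%u function=%u method=%u\n",
           (unsigned)f.device_type, (unsigned)f.access,
           (unsigned)f.function, (unsigned)f.method);
    return 0;
}
```

For 0xb2c8000c the fields decode to device type 0xb2c8, function 3, FILE_ANY_ACCESS and METHOD_BUFFERED, so the handler's own length validation is what bounds the copy.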
CHARACTERISTICS
Identifiers: BID-36115, VIGILANCE-VUL-8972
http://vigilance.fr/vulnerability/Avast-privilege-elevation-via-aswMon-8972