Lucene search

[email protected]CVE-2016-4025

HistoryNov 03, 2016 - 10:59 a.m.

CVE-2016-4025

2016-11-0310:59:02

CWE-254

[email protected]

web.nvd.nist.gov

avast

internet security

antivirus

bypass

deepscreen

deviceiocontrol

nvd

cve-2016-4025

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

5.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security v11.x.x, Endpoint Protection v8.x.x, Endpoint Protection Plus v8.x.x, Endpoint Protection Suite v8.x.x, Endpoint Protection Suite Plus v8.x.x, File Server Security v8.x.x, and Email Server Security v8.x.x allow attackers to bypass the DeepScreen feature via a DeviceIoControl call.

Affected configurations

NVD

Node

avastbusiness_securityMatch11.1.2241

avastbusiness_securityMatch11.1.2245

avastbusiness_securityMatch11.1.2253

avastbusiness_securityMatch11.1.2260

avastbusiness_securityMatch11.1.2261

avastbusiness_securityMatch11.1.2262

avastfree_antivirusMatch11.1.2241

avastfree_antivirusMatch11.1.2245

avastfree_antivirusMatch11.1.2253

avastfree_antivirusMatch11.1.2260

avastfree_antivirusMatch11.1.2261

avastfree_antivirusMatch11.1.2262

avastinternet_securityMatch11.1.2241

avastinternet_securityMatch11.1.2245

avastinternet_securityMatch11.1.2253

avastinternet_securityMatch11.1.2260

avastinternet_securityMatch11.1.2261

avastinternet_securityMatch11.1.2262

avastpremierMatch11.1.2241

avastpremierMatch11.1.2245

avastpremierMatch11.1.2253

avastpremierMatch11.1.2260

avastpremierMatch11.1.2261

avastpremierMatch11.1.2262

avastpro_antivirusMatch11.1.2241

avastpro_antivirusMatch11.1.2245

avastpro_antivirusMatch11.1.2253

avastpro_antivirusMatch11.1.2260

avastpro_antivirusMatch11.1.2261

avastpro_antivirusMatch11.1.2262

Node

avastemail_server_securityRange≤8.0.1609

avastemail_server_securityMatch8.0.1606

avastendpoint_protectionRange≤8.0.1609

avastendpoint_protectionMatch8.0.1606

avastendpoint_protection_plusMatch8.0.1606

avastendpoint_protection_plusMatch8.0.1609

avastendpoint_protection_suiteRange≤8.0.1609

avastendpoint_protection_suiteMatch8.0.1606

avastendpoint_protection_suite_plusRange≤8.0.1609

avastendpoint_protection_suite_plusMatch8.0.1606

avastfile_server_securityRange≤8.0.1609

avastfile_server_securityMatch8.0.1606

CPENameOperatorVersion
avast:business_securityavast business securityeq11.1.2241
avast:business_securityavast business securityeq11.1.2245
avast:business_securityavast business securityeq11.1.2253
avast:business_securityavast business securityeq11.1.2260
avast:business_securityavast business securityeq11.1.2261
avast:business_securityavast business securityeq11.1.2262
avast:free_antivirusavast free antiviruseq11.1.2241
avast:free_antivirusavast free antiviruseq11.1.2245
avast:free_antivirusavast free antiviruseq11.1.2253
avast:free_antivirusavast free antiviruseq11.1.2260

CPE	Name	Operator	Version
avast:business_security	avast business security	eq	11.1.2241
avast:business_security	avast business security	eq	11.1.2245
avast:business_security	avast business security	eq	11.1.2253
avast:business_security	avast business security	eq	11.1.2260
avast:business_security	avast business security	eq	11.1.2261
avast:business_security	avast business security	eq	11.1.2262
avast:free_antivirus	avast free antivirus	eq	11.1.2241
avast:free_antivirus	avast free antivirus	eq	11.1.2245
avast:free_antivirus	avast free antivirus	eq	11.1.2253
avast:free_antivirus	avast free antivirus	eq	11.1.2260

Rows per page:

1-10 of 301

References

labs.nettitude.com/blog/escaping-avast-sandbox-using-single-ioctl-cve-2016-4025/

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

5.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2016-4025

openvas8 nvd1 cvelist1 prion1