Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 running on Windows 2000 and XP does not properly validate input to IOCTL 0xb2d60030, which allows local users to cause a denial of service (system crash) or execute arbitrary code to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption.
forum.avast.com/index.php?topic=55484.0
osvdb.org/62510
secunia.com/advisories/38677
secunia.com/advisories/38689
www.securityfocus.com/archive/1/509710/100/0/threaded
www.securityfocus.com/bid/38363
www.securitytracker.com/id?1023644
www.trapkit.de/advisories/TKADV2010-003.txt
www.vupen.com/english/advisories/2010/0449