Lucene search

Kaspersky LabKLA10063

HistorySep 28, 2008 - 12:00 a.m.

KLA10063 ACE vulnerability in Avira

2008-09-2800:00:00

Kaspersky Lab

threats.kaspersky.com

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

A nonsecure function call vulnerability was found in Avira. By exploiting this vulnerability malicious users can gain privileges. This vulnerability can be exploited from the network at a point related to the scheduler via a specially designed *.exe file.

Original advisories

detailed description

Related products

Avira-AntiVir-Professional-(formerly-Workstation)

Avira-Premium-Security-Suite

CVE list

CVE-2009-2761 high

Solution

Update to latest version

Impacts

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

Avira Antivr versions 8.x and earlierAvira AntiVir Premium versions 8.x and earlierAvira Premium Security Suite versions 8.x and earlierAvira AntiVir Professional versions 8.x and earlier

References

blog.zoller.lu/2009/01/tzo-2009-2-avira-antivir-priviledge.html

statistics.securelist.com/

threats.kaspersky.com/en/product/Avira-AntiVir-Professional-(formerly-Workstation)/

threats.kaspersky.com/en/product/Avira-Premium-Security-Suite/

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for KLA10063