AVG Internet Security 2015 Arbitrary Write Privilege Escalation

vendor:

AVG Internet Security

by:

Parvez Anwar

7.5

CVSS

HIGH

Arbitrary Write Privilege Escalation

269

CWE

Product Name: AVG Internet Security

Affected Version From: 2015.0.5315

Affected Version To: 2015.0.5556

Patch Exists: YES

Related CWE: CVE-2014-9632

CPE: a:avg:internet_security:2015

Metasploit:

Other Scripts:

Platforms Tested: Windows XP SP3

2015

AVG Internet Security 2015 Arbitrary Write Privilege Escalation

The AVG Internet Security 2015 software allows an attacker to escalate privileges by overwriting the HAL dispatch table. By controlling the input buffer, the attacker can overwrite static pointers, leading to privilege escalation.

Mitigation:

Upgrade to AVG Internet Security 2015 version 2015.0.5557 or later.

Source

AVG Internet Security 2015 Arbitrary Write Privilege Escalation

Mitigation:

Exploit-DB raw data: