Tobias Klein has reported a vulnerability in avast! Home/Professional, which can be exploited by malicious, local users to gain escalated privileges.
An input validation error within the 0xb2d60030 IOCTL handler of the aavmker4.sys driver can be exploited e.g. to overwrite arbitrary kernel memory via a specially crafted IOCTL request.
The vulnerability is reported in version 4.7. Other versions may also be affected.
March 29, 2008
- avast! now contains a built-in anti-rootkit protection
- avast! now comes with a built-in anti-spyware protection
- new self-defense function to prevent active malware from terminating avast! processes as well as corrupting avast! files and registry items
- scanners now display a progress of current scan (percentage of work done)
- fixed a vulnerability in AavmKer4.sys kernel-mode driver (problem applies to Windows NT/2000/XP, 32-bit only); special thanks to Tobias Klein
- improvements in boot-time scanner (detection & removal of hidden or hard to delete files)
- boot-time scanner will not start when booting into Safe Mode (the program was "invisible" in that case, no progress/messages could be seen)
- improvements in many unpackers
- ACE and RAR unpackers now work even in boot-time scanner
- IM Shield: added support for QQ
- improvements in handling of NTFS streams
- Internet Mail provider now displays the name of the sending/receiving program in the tooltip of its taskbar icon
- implemented a protection against false positives in critical system files
- removed a small memory leak in one of avast! drivers (Windows Vista and XP 64-bit only)
- added support for 64-bit WHS connector (available in WHS Power Pack 1)
- greatly improved performance of the updater, especially in cases where many increments are being downloaded (e.g. avast! installations with outdated virus definitions)
- silent installation now also includes scheduled tasks, if any
- resolved a compatibility issue with Acronis TrueImage (XP 64-bit only)
- compatibility tests with Vista SP1 and XP SP3