Vulnerabilities > CVE-2010-5075 - Numeric Errors vulnerability in Avast! Internet Security 5.0
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Integer overflow in aswFW.sys 5.0.594.0 in Avast! Internet Security 5.0 Korean Trial allows local users to cause a denial of service (memory corruption and panic) via a crafted IOCTL_ASWFW_COMM_PIDINFO_RESULTS DeviceIoControl request to \\.\aswFW.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | Avast! Internet Security 5.0 aswFW.sys kernel driver IOCTL Memory Pool Corruption. CVE-2010-5075. Dos exploit for windows platform |
| id | EDB-ID:14533 |
| last seen | 2016-02-01 |
| modified | 2010-08-03 |
| published | 2010-08-03 |
| reporter | x90c |
| source | https://www.exploit-db.com/download/14533/ |
| title | Avast! Internet Security 5.0 aswFW.sys kernel driver IOCTL Memory Pool Corruption |
References
- http://www.securityfocus.com/bid/42148
- http://x90c.blogspot.com/2011/11/avast-internet-security-aswfwsys-ioctl.html
- http://x90c.blogspot.com/2011/12/bid-42148-my-avast-kernel-driver-0day_01.html
- https://web.archive.org/web/20120228033302/http://www.x90c.org/advisories/avast_internet_security_5.0_memory_corruption_advisory.txt