CVE-2007-3777 - avg7core.sys 7.5.0.444 in Grisoft AVG Anti-Virus 7.5.448 and Free Edition 7.5.446, provides an inter

CVE-2007-3777

Summary

avg7core.sys 7.5.0.444 in Grisoft AVG Anti-Virus 7.5.448 and Free Edition 7.5.446, provides an internal function that copies data to an arbitrary address, which allows local users to gain privileges via arbitrary address arguments to a function provided by the 0x5348E004 IOCTL for the generic DeviceIoControl handler.

References

Vulnerable Configurations

cpe:2.3:a:grisoft:avg_antivirus:7.5.446:*:free:*:*:*:*:*
cpe:2.3:a:grisoft:avg_antivirus:7.5.446:*:free:*:*:*:*:*
cpe:2.3:a:grisoft:avg_antivirus:7.5.448:*:*:*:*:*:*:*
cpe:2.3:a:grisoft:avg_antivirus:7.5.448:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 15-10-2018 - 21:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	24870
bugtraq	20070711 Advisory: Arbitrary kernel mode memory writes in AVG
osvdb	37975
sectrack	1018362
secunia	25998
sreason	2887
vupen	ADV-2007-2518
xf	avg-avg7core-code-execution(35345)

Last major update

15-10-2018 - 21:30

Published

15-07-2007 - 22:30

Last modified

15-10-2018 - 21:30