VUPEN Security Advisory - Nov 12, 2008

Avira Products Driver Local Kernel Pointer Overwrite Vulnerability

http://www.vupen.com/english/VUPEN-Security-Advisory-20081112.txt 


I. DESCRIPTION  
---------------

A security vulnerability has been identified in various Avira products.
The flaw could be exploited by local users to gain SYSTEM privileges.


II. ANALYSIS 
-------------

The vulnerability is caused due to input validation errors in a driver
when processing user-supplied IOCTL requests, which could allow malicious
unprivileged users to overwrite a kernel pointer and execute arbitrary
code with SYSTEM privileges.

VUPEN Security has developed a fully-functional exploit code.


III. AFFECTED PRODUCTS
-----------------------

All Avira 32-Bit Desktop Products are affected:

- Avira AntiVir Premium
- Avira Premium Security Suite
- Avira AntiVir Professional
- Avira AntiVir Personal - FREE


IV. VENDOR RESPONSE 
--------------------

A fix is available for customers via normal update.


V. CVE INFORMATION 
-------------------

The Common Vulnerabilities and Exposures (CVE) project has not yet assigned 
a CVE name to this issue.


VI. CREDIT 
------------

This vulnerability was discovered by Sebastien Renaud of VUPEN Security


VII. DISCLOSURE TIMELINE 
------------------------

2008/10/28  Initial Vendor Notification 
2008/10/29  Initial Vendor Reply 
2008/10/31  Security Fix Developed
2008/11/09  Emergency Update Performed
2008/11/12  Coordinated Public Disclosure