CVE-2016-4025

Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security v11.x.x, Endpoint Protection v8.x.x, Endpoint Protection Plus v8.x.x, Endpoint Protection Suite v8.x.x, Endpoint Protection Suite Plus v8.x.x, File Server Security v8.x.x, and Email Server Security v8.x.x allow attackers to bypass the DeepScreen feature via a DeviceIoControl call.
References
Link Resource
https://labs.nettitude.com/blog/escaping-avast-sandbox-using-single-ioctl-cve-2016-4025/ Technical Description Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:avast:internet_security:11.1.2260:*:*:*:*:*:*:*
cpe:2.3:a:avast:internet_security:11.1.2262:*:*:*:*:*:*:*
cpe:2.3:a:avast:business_security:11.1.2262:*:*:*:*:*:*:*
cpe:2.3:a:avast:free_antivirus:11.1.2253:*:*:*:*:*:*:*
cpe:2.3:a:avast:premier:11.1.2261:*:*:*:*:*:*:*
cpe:2.3:a:avast:pro_antivirus:11.1.2245:*:*:*:*:*:*:*
cpe:2.3:a:avast:free_antivirus:11.1.2241:*:*:*:*:*:*:*
cpe:2.3:a:avast:internet_security:11.1.2241:*:*:*:*:*:*:*
cpe:2.3:a:avast:business_security:11.1.2245:*:*:*:*:*:*:*
cpe:2.3:a:avast:business_security:11.1.2253:*:*:*:*:*:*:*
cpe:2.3:a:avast:business_security:11.1.2260:*:*:*:*:*:*:*
cpe:2.3:a:avast:free_antivirus:11.1.2245:*:*:*:*:*:*:*
cpe:2.3:a:avast:free_antivirus:11.1.2260:*:*:*:*:*:*:*
cpe:2.3:a:avast:pro_antivirus:11.1.2260:*:*:*:*:*:*:*
cpe:2.3:a:avast:premier:11.1.2253:*:*:*:*:*:*:*
cpe:2.3:a:avast:free_antivirus:11.1.2262:*:*:*:*:*:*:*
cpe:2.3:a:avast:internet_security:11.1.2261:*:*:*:*:*:*:*
cpe:2.3:a:avast:premier:11.1.2262:*:*:*:*:*:*:*
cpe:2.3:a:avast:premier:11.1.2260:*:*:*:*:*:*:*
cpe:2.3:a:avast:free_antivirus:11.1.2261:*:*:*:*:*:*:*
cpe:2.3:a:avast:business_security:11.1.2241:*:*:*:*:*:*:*
cpe:2.3:a:avast:premier:11.1.2245:*:*:*:*:*:*:*
cpe:2.3:a:avast:pro_antivirus:11.1.2253:*:*:*:*:*:*:*
cpe:2.3:a:avast:pro_antivirus:11.1.2241:*:*:*:*:*:*:*
cpe:2.3:a:avast:business_security:11.1.2261:*:*:*:*:*:*:*
cpe:2.3:a:avast:internet_security:11.1.2245:*:*:*:*:*:*:*
cpe:2.3:a:avast:pro_antivirus:11.1.2261:*:*:*:*:*:*:*
cpe:2.3:a:avast:premier:11.1.2241:*:*:*:*:*:*:*
cpe:2.3:a:avast:internet_security:11.1.2253:*:*:*:*:*:*:*
cpe:2.3:a:avast:pro_antivirus:11.1.2262:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:avast:file_server_security:*:*:*:*:*:*:*:*
cpe:2.3:a:avast:endpoint_protection:8.0.1606:*:*:*:*:*:*:*
cpe:2.3:a:avast:endpoint_protection_suite_plus:8.0.1606:*:*:*:*:*:*:*
cpe:2.3:a:avast:file_server_security:8.0.1606:*:*:*:*:*:*:*
cpe:2.3:a:avast:email_server_security:8.0.1606:*:*:*:*:*:*:*
cpe:2.3:a:avast:endpoint_protection_plus:8.0.1606:*:*:*:*:*:*:*
cpe:2.3:a:avast:endpoint_protection:*:*:*:*:*:*:*:*
cpe:2.3:a:avast:endpoint_protection_suite:*:*:*:*:*:*:*:*
cpe:2.3:a:avast:endpoint_protection_suite_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:avast:email_server_security:*:*:*:*:*:*:*:*
cpe:2.3:a:avast:endpoint_protection_suite:8.0.1606:*:*:*:*:*:*:*
cpe:2.3:a:avast:endpoint_protection_plus:8.0.1609:*:*:*:*:*:*:*

Information

Published : 2016-11-03 03:59

Updated : 2016-11-04 12:03


NVD link : CVE-2016-4025

Mitre link : CVE-2016-4025


JSON object : View

CWE
CWE-254

7PK - Security Features

Advertisement

dedicated server usa

Products Affected

avast

  • email_server_security
  • pro_antivirus
  • endpoint_protection
  • file_server_security
  • free_antivirus
  • premier
  • business_security
  • endpoint_protection_suite_plus
  • endpoint_protection_suite
  • endpoint_protection_plus
  • internet_security