VYPR
← All advisories
Unrated severityNVD Advisory· Published Oct 1, 2009· Updated Apr 23, 2026

CVE-2009-3523

CVE-2009-3523

Description

aavmKer4.sys in avast! Home and Professional for Windows before 4.8.1356 does not properly validate input to IOCTLs (1) 0xb2d6000c and (2) 0xb2d60034, which allows local users to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption, a different vulnerability than CVE-2008-1625.

Affected products

29
  • Avast\!/Avast Antivirus Home15 versions
    cpe:2.3:a:avast:avast_antivirus_home:4.7.1043:*:windows:*:*:*:*:*+ 14 more
    • cpe:2.3:a:avast:avast_antivirus_home:4.7.1043:*:windows:*:*:*:*:*
    • cpe:2.3:a:avast:avast_antivirus_home:4.7.1098:*:windows:*:*:*:*:*
    • cpe:2.3:a:avast:avast_antivirus_home:4.7.827:*:windows:*:*:*:*:*
    • cpe:2.3:a:avast:avast_antivirus_home:4.7.844:*:windows:*:*:*:*:*
    • cpe:2.3:a:avast:avast_antivirus_home:4.7.869:*:windows:*:*:*:*:*
    • cpe:2.3:a:avast:avast_antivirus_home:4.8.1169:*:windows:*:*:*:*:*
    • cpe:2.3:a:avast:avast_antivirus_home:4.8.1195:*:windows:*:*:*:*:*
    • cpe:2.3:a:avast:avast_antivirus_home:4.8.1201:*:windows:*:*:*:*:*
    • cpe:2.3:a:avast:avast_antivirus_home:4.8.1227:*:windows:*:*:*:*:*
    • cpe:2.3:a:avast:avast_antivirus_home:4.8.1229:*:windows:*:*:*:*:*
    • cpe:2.3:a:avast:avast_antivirus_home:4.8.1282:*:windows:*:*:*:*:*
    • cpe:2.3:a:avast:avast_antivirus_home:4.8.1290:*:windows:*:*:*:*:*
    • cpe:2.3:a:avast:avast_antivirus_home:4.8.1296:*:windows:*:*:*:*:*
    • cpe:2.3:a:avast:avast_antivirus_home:4.8.1335:*:windows:*:*:*:*:*
    • cpe:2.3:a:avast:avast_antivirus_home:*:*:windows:*:*:*:*:*range: <=4.8.1351
  • Avast\!/Avast Antivirus Professional14 versions
    cpe:2.3:a:avast:avast_antivirus_professional:4.7.1043:*:windows:*:*:*:*:*+ 13 more
    • cpe:2.3:a:avast:avast_antivirus_professional:4.7.1043:*:windows:*:*:*:*:*
    • cpe:2.3:a:avast:avast_antivirus_professional:4.7.1098:*:windows:*:*:*:*:*
    • cpe:2.3:a:avast:avast_antivirus_professional:4.7.827:*:windows:*:*:*:*:*
    • cpe:2.3:a:avast:avast_antivirus_professional:4.7.844:*:windows:*:*:*:*:*
    • cpe:2.3:a:avast:avast_antivirus_professional:4.8.1169:*:windows:*:*:*:*:*
    • cpe:2.3:a:avast:avast_antivirus_professional:4.8.1195:*:windows:*:*:*:*:*
    • cpe:2.3:a:avast:avast_antivirus_professional:4.8.1201:*:windows:*:*:*:*:*
    • cpe:2.3:a:avast:avast_antivirus_professional:4.8.1227:*:windows:*:*:*:*:*
    • cpe:2.3:a:avast:avast_antivirus_professional:4.8.1229:*:windows:*:*:*:*:*
    • cpe:2.3:a:avast:avast_antivirus_professional:4.8.1282:*:windows:*:*:*:*:*
    • cpe:2.3:a:avast:avast_antivirus_professional:4.8.1290:*:windows:*:*:*:*:*
    • cpe:2.3:a:avast:avast_antivirus_professional:4.8.1296:*:windows:*:*:*:*:*
    • cpe:2.3:a:avast:avast_antivirus_professional:4.8.1335:*:windows:*:*:*:*:*
    • cpe:2.3:a:avast:avast_antivirus_professional:*:*:windows:*:*:*:*:*range: <=4.8.1351

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.