Author Topic: Avast! 4.8.1335 Professional Local Kernel Buffer Overflow Exploit  (Read 4738 times)

Offline Erroneus

  • Full Member
  • ***
  • Posts: 124
  • Gender: Male
  • Avast Oldschool Member
    • Personal blog
    • Personal Message (Offline)
You might wan't to fix this:

http://www.milw0rm.com/exploits/9492
Lenovo x230 - Apple MacBook Air 13
Homebuild machine - Intel I5 3570K@4,2 Ghz
Windows 7 Enterprise 64bit: Avast IS 9 Licensed

Offline spg SCOTT

  • Massive Poster
  • ****
  • Posts: 4138
  • Gender: Male
  • There is no magic, only lost physics
    • spg SCOTT
    • Personal Message (Offline)
Re: Avast! 4.8.1335 Professional Local Kernel Buffer Overflow Exploit
« Reply #1 on: August 24, 2009, 08:31:43 PM »
We are at 4.8.1351 now,

http://www.avast.com/eng/avast-4-home_pro-revision-history.html

Comments from Vlk, prior to the update:

You're right, we'll be releasing a new 4.8 update soon. The main reason is that there's a security vulnerability in avast 4.8.1335 (in one of its kernel mode drivers) that needs to be fixed. Plus, there are some improvements in the scanning engine as well (in line with v5 preparations).

We didn't quite mean to release it as a beta first, but since you've already found it (as something we're currently testing)... be our guests.

I expect it will be officially released ~ next Tuesday (as time permits).

Thanks
Vlk

I think they did ;)

-Scott-
“There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!”Richard Feynman

Offline Vlk

  • Global Moderator
  • Serious Graphoman
  • **
  • Posts: 11565
  • Gender: Male
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
    • Personal Message (Offline)
Re: Avast! 4.8.1335 Professional Local Kernel Buffer Overflow Exploit
« Reply #2 on: August 24, 2009, 11:20:20 PM »
Yep, this issue is fixed in v4.8.1351.

Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline spg SCOTT

  • Massive Poster
  • ****
  • Posts: 4138
  • Gender: Male
  • There is no magic, only lost physics
    • spg SCOTT
    • Personal Message (Offline)
Re: Avast! 4.8.1335 Professional Local Kernel Buffer Overflow Exploit
« Reply #3 on: August 25, 2009, 09:39:08 AM »
Yep, this issue is fixed in v4.8.1351.

Thanks
Vlk

Thanks for confirming Vlk :)
“There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!”Richard Feynman

Offline pete319

  • Sr. Member
  • ****
  • Posts: 364
    • Personal Message (Offline)
Re: Avast! 4.8.1335 Professional Local Kernel Buffer Overflow Exploit
« Reply #4 on: August 26, 2009, 09:39:27 AM »
They are also reporting this on Secunia,
http://secunia.com/advisories/36442/

Yes i know it is fixed in version  v4.8.1351.
EDIT: Just i thought i would pass it on
« Last Edit: August 26, 2009, 09:44:20 AM by pete319 »
AMD Sempron[tm] Processor 2800+ 1.60 GHz...512 Mb Ram... XP Home SP3...Avast free 5.0.594......SpywareBlaster...Secunia PSI... and Malwarebytes antimalware on demand... Private Firewall 7.0.21.1...IE8 and Firefox 3.6.6

Offline calcu007

  • avast! Evangelist
  • Poster
  • ***
  • Posts: 478
  • Gender: Male
  • I'm lamma!
    • Personal Message (Offline)
Re: Avast! 4.8.1335 Professional Local Kernel Buffer Overflow Exploit
« Reply #5 on: August 26, 2009, 10:32:07 AM »
They are also reporting this on Secunia,
http://secunia.com/advisories/36442/

Yes i know it is fixed in version  v4.8.1351.
EDIT: Just i thought i would pass it on

if you know that was fixed then why posted it? It mislead customer
Asus Intel i7 8GB RAM , Win 8.1 64 bit, Avast IS

Offline pete319

  • Sr. Member
  • ****
  • Posts: 364
    • Personal Message (Offline)
Re: Avast! 4.8.1335 Professional Local Kernel Buffer Overflow Exploit
« Reply #6 on: August 26, 2009, 10:36:57 AM »
They are also reporting this on Secunia,
http://secunia.com/advisories/36442/

Yes i know it is fixed in version  v4.8.1351.
EDIT: Just i thought i would pass it on

if you know that was fixed then why posted it? It mislead customer

Hi calcu007
I can not see how you say i mislead customer as all i was pointing out was Secunia has released it also.
As you have read this thread you would know that it has been fixed.
If for some reason you took offense that was not my intention.
AMD Sempron[tm] Processor 2800+ 1.60 GHz...512 Mb Ram... XP Home SP3...Avast free 5.0.594......SpywareBlaster...Secunia PSI... and Malwarebytes antimalware on demand... Private Firewall 7.0.21.1...IE8 and Firefox 3.6.6

Offline curious!

  • avast! Evangelist
  • Poster
  • ***
  • Posts: 531
  • Gender: Male
    • Personal Message (Offline)
Re: Avast! 4.8.1335 Professional Local Kernel Buffer Overflow Exploit
« Reply #7 on: August 26, 2009, 04:41:46 PM »
If anybody are misleading in this case it's Secunia which Status for the patch by now is 'unpatched'.

Pete has mislead nobody if you care to read the whole thread, especially what Vlk said near the beginning of the thread.

Something never change.   :(

HL.


Offline pete319

  • Sr. Member
  • ****
  • Posts: 364
    • Personal Message (Offline)
Re: Avast! 4.8.1335 Professional Local Kernel Buffer Overflow Exploit
« Reply #8 on: August 27, 2009, 06:17:26 AM »
If anybody are misleading in this case it's Secunia which Status for the patch by now is 'unpatched'.

Pete has mislead nobody if you care to read the whole thread, especially what Vlk said near the beginning of the thread.

Something never change.   :(

HL.



Cheers hlecter and thanks ;)
AMD Sempron[tm] Processor 2800+ 1.60 GHz...512 Mb Ram... XP Home SP3...Avast free 5.0.594......SpywareBlaster...Secunia PSI... and Malwarebytes antimalware on demand... Private Firewall 7.0.21.1...IE8 and Firefox 3.6.6

Offline Marc57

  • avast! Evangelist
  • Super Poster
  • ***
  • Posts: 1940
  • Gender: Male
  • KISS Rules The World!!!
    • KISS Army
    • Personal Message (Offline)
Re: Avast! 4.8.1335 Professional Local Kernel Buffer Overflow Exploit
« Reply #9 on: August 27, 2009, 06:30:37 AM »
I have sent a Note to Secunia with a link to this thread stating that this has been fixed.
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

Offline pete319

  • Sr. Member
  • ****
  • Posts: 364
    • Personal Message (Offline)
Re: Avast! 4.8.1335 Professional Local Kernel Buffer Overflow Exploit
« Reply #10 on: August 27, 2009, 06:44:29 AM »
I have sent a Note to Secunia with a link to this thread stating that this has been fixed.

Thanks Marc57 ;)
I never even gave that a thought, which i should really have down first. :-[
AMD Sempron[tm] Processor 2800+ 1.60 GHz...512 Mb Ram... XP Home SP3...Avast free 5.0.594......SpywareBlaster...Secunia PSI... and Malwarebytes antimalware on demand... Private Firewall 7.0.21.1...IE8 and Firefox 3.6.6

Offline YoKenny

  • Serious Graphoman
  • **
  • Posts: 8800
  • Gender: Male
    • Personal Message (Offline)
Re: Avast! 4.8.1335 Professional Local Kernel Buffer Overflow Exploit
« Reply #11 on: August 27, 2009, 09:39:14 AM »
I have sent a Note to Secunia with a link to this thread stating that this has been fixed.

Oh dear.

Too close for comfort.
Quote
MEDIA SPOILED OSHAWA SURPRISE
CANADIAN PRESS
 Kiss frontman Gene Simmons says the media is to blame for spoiling a surprise the band had in store for Oshawa, Ont.
Earlier this year, Kiss asked fans around the world to go to their website and vote for their hometown to be included in the band's next big tour.

Oshawa finished first among all cities, but when the dates for the tour were announced this week, the Ontario city was left off the list.

Fans and politicians in Oshawa were outraged and Kiss eventually announced that it will play the city on Oct. 7
http://www.kissonline.com/stream/article/display/id/18524

Secunia are a bit slow in updating their information.
« Last Edit: August 27, 2009, 09:41:51 AM by YoKenny »
E5200 2.5GHZ, 4GB RAM, 320GB HD, Windows 7 Home Premium 64bit, avast! V9.0 Free, IE10
P4 2.8GHZ, 1.5GB RAM, 40GB HD, XP Pro SP3 32bit, avast! V9.0 Free, Google Chrome
with hpHosts, MVPS HOSTS files, SpeedFan, WinPatrol PLUS

Offline Marc57

  • avast! Evangelist
  • Super Poster
  • ***
  • Posts: 1940
  • Gender: Male
  • KISS Rules The World!!!
    • KISS Army
    • Personal Message (Offline)
Re: Avast! 4.8.1335 Professional Local Kernel Buffer Overflow Exploit
« Reply #12 on: August 27, 2009, 03:50:18 PM »
Your welcome Pete, Thanks for the news YoKenny, I hadn't heard about that.
« Last Edit: August 27, 2009, 04:10:51 PM by Marc57 »
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

Offline Marc57

  • avast! Evangelist
  • Super Poster
  • ***
  • Posts: 1940
  • Gender: Male
  • KISS Rules The World!!!
    • KISS Army
    • Personal Message (Offline)
Re: Avast! 4.8.1335 Professional Local Kernel Buffer Overflow Exploit
« Reply #13 on: August 27, 2009, 04:08:32 PM »
It's been updated, Under "Solution" on page two it says "Update to version 4.8.1351"

http://secunia.com/advisories/36442/2/
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69208
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: Avast! 4.8.1335 Professional Local Kernel Buffer Overflow Exploit
« Reply #14 on: August 27, 2009, 04:55:34 PM »
You would think that they would put the resolution on page one, how many bother going to the other pages. Or at least make it clear on page one that it isn't outstanding.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2016/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now