Vulnerability Name:

CVE-2009-3524 (CCN-53625)

Assigned:2009-09-23
Published:2009-09-23
Updated:2017-09-19
Summary:Unspecified vulnerability in ashWsFtr.dll in avast! Home and Professional for Windows before 4.8.1356 has unknown impact and local attack vectors.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
1.9 Low (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N)
1.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Other
References:Source: MITRE
Type: CNA
CVE-2009-3524

Source: OSVDB
Type: UNKNOWN
58403

Source: CCN
Type: SA36858
avast! Home/Professional Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
36858

Source: CONFIRM
Type: Vendor Advisory
http://www.avast.com/eng/avast-4-home_pro-revision-history.html

Source: CCN
Type: avast! Web site
avast!

Source: CCN
Type: OSVDB ID: 58403
avast! Home / Professional for Windows avast4.ini ashWsFtr.dll Subversion Local Privilege Escalation

Source: CCN
Type: BID-36796
Avast! Insecure Program File Permissions Local Privilege Escalation Vulnerability

Source: XF
Type: UNKNOWN
avast-ashwsftr-unspecified(53625)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:6509

Vulnerable Configuration:Configuration 1:
  • cpe:/a:avast:avast_antivirus_home:4.7.827:*:windows:*:*:*:*:*
  • OR cpe:/a:avast:avast_antivirus_home:4.7.844:*:windows:*:*:*:*:*
  • OR cpe:/a:avast:avast_antivirus_home:4.7.869:*:windows:*:*:*:*:*
  • OR cpe:/a:avast:avast_antivirus_home:4.7.1043:*:windows:*:*:*:*:*
  • OR cpe:/a:avast:avast_antivirus_home:4.7.1098:*:windows:*:*:*:*:*
  • OR cpe:/a:avast:avast_antivirus_home:4.8.1169:*:windows:*:*:*:*:*
  • OR cpe:/a:avast:avast_antivirus_home:4.8.1195:*:windows:*:*:*:*:*
  • OR cpe:/a:avast:avast_antivirus_home:4.8.1201:*:windows:*:*:*:*:*
  • OR cpe:/a:avast:avast_antivirus_home:4.8.1227:*:windows:*:*:*:*:*
  • OR cpe:/a:avast:avast_antivirus_home:4.8.1229:*:windows:*:*:*:*:*
  • OR cpe:/a:avast:avast_antivirus_home:4.8.1282:*:windows:*:*:*:*:*
  • OR cpe:/a:avast:avast_antivirus_home:4.8.1290:*:windows:*:*:*:*:*
  • OR cpe:/a:avast:avast_antivirus_home:4.8.1296:*:windows:*:*:*:*:*
  • OR cpe:/a:avast:avast_antivirus_home:4.8.1335:*:windows:*:*:*:*:*
  • OR cpe:/a:avast:avast_antivirus_home:*:*:windows:*:*:*:*:* (Version <= 4.8.1351)
  • OR cpe:/a:avast:avast_antivirus_professional:4.7.827:*:windows:*:*:*:*:*
  • OR cpe:/a:avast:avast_antivirus_professional:4.7.844:*:windows:*:*:*:*:*
  • OR cpe:/a:avast:avast_antivirus_professional:4.7.1043:*:windows:*:*:*:*:*
  • OR cpe:/a:avast:avast_antivirus_professional:4.7.1098:*:windows:*:*:*:*:*
  • OR cpe:/a:avast:avast_antivirus_professional:4.8.1169:*:windows:*:*:*:*:*
  • OR cpe:/a:avast:avast_antivirus_professional:4.8.1195:*:windows:*:*:*:*:*
  • OR cpe:/a:avast:avast_antivirus_professional:4.8.1201:*:windows:*:*:*:*:*
  • OR cpe:/a:avast:avast_antivirus_professional:4.8.1227:*:windows:*:*:*:*:*
  • OR cpe:/a:avast:avast_antivirus_professional:4.8.1229:*:windows:*:*:*:*:*
  • OR cpe:/a:avast:avast_antivirus_professional:4.8.1282:*:windows:*:*:*:*:*
  • OR cpe:/a:avast:avast_antivirus_professional:4.8.1290:*:windows:*:*:*:*:*
  • OR cpe:/a:avast:avast_antivirus_professional:4.8.1296:*:windows:*:*:*:*:*
  • OR cpe:/a:avast:avast_antivirus_professional:4.8.1335:*:windows:*:*:*:*:*
  • OR cpe:/a:avast:avast_antivirus_professional:*:*:windows:*:*:*:*:* (Version <= 4.8.1351)

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:6509
    V
    		Avast! Home and Professional 'ashWsFtr.dll' Unspecified Vulnerability
    2011-08-22
    BACK
    avast avast antivirus home 4.7.827
    avast avast antivirus home 4.7.844
    avast avast antivirus home 4.7.869
    avast avast antivirus home 4.7.1043
    avast avast antivirus home 4.7.1098
    avast avast antivirus home 4.8.1169
    avast avast antivirus home 4.8.1195
    avast avast antivirus home 4.8.1201
    avast avast antivirus home 4.8.1227
    avast avast antivirus home 4.8.1229
    avast avast antivirus home 4.8.1282
    avast avast antivirus home 4.8.1290
    avast avast antivirus home 4.8.1296
    avast avast antivirus home 4.8.1335
    avast avast antivirus home *
    avast avast antivirus professional 4.7.827
    avast avast antivirus professional 4.7.844
    avast avast antivirus professional 4.7.1043
    avast avast antivirus professional 4.7.1098
    avast avast antivirus professional 4.8.1169
    avast avast antivirus professional 4.8.1195
    avast avast antivirus professional 4.8.1201
    avast avast antivirus professional 4.8.1227
    avast avast antivirus professional 4.8.1229
    avast avast antivirus professional 4.8.1282
    avast avast antivirus professional 4.8.1290
    avast avast antivirus professional 4.8.1296
    avast avast antivirus professional 4.8.1335
    avast avast antivirus professional *