Vulnerability Name: CVE-2016-4025 (CCN-112542) Assigned: 2016-04-19 Published: 2016-04-19 Updated: 2016-11-04 Summary: Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security v11.x.x, Endpoint Protection v8.x.x, Endpoint Protection Plus v8.x.x, Endpoint Protection Suite v8.x.x, Endpoint Protection Suite Plus v8.x.x, File Server Security v8.x.x, and Email Server Security v8.x.x allow attackers to bypass the DeepScreen feature via a DeviceIoControl call. CVSS v3 Severity: 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 4.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:U/RC:R Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): HighAvailibility (A): None
7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 6.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:U/RC:R Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): LowAvailibility (A): Low
CVSS v2 Severity: 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): PartialAvailibility (A): None
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
Vulnerability Type: CWE-254 Vulnerability Consequences: Gain Access References: Source: MITRECVE-2016-4025 Avast SandBox Escape via IOCTL Requests Avast! Antivirus avast-cve20164025-sec-bypass(112542) https://labs.nettitude.com/blog/escaping-avast-sandbox-using-single-ioctl-cve-2016-4025/ Vulnerable Configuration: Configuration 1 :cpe:/a:avast:business_security:11.1.2241:*:*:*:*:*:*:* OR cpe:/a:avast:business_security:11.1.2245:*:*:*:*:*:*:* OR cpe:/a:avast:business_security:11.1.2253:*:*:*:*:*:*:* OR cpe:/a:avast:business_security:11.1.2260:*:*:*:*:*:*:* OR cpe:/a:avast:business_security:11.1.2261:*:*:*:*:*:*:* OR cpe:/a:avast:business_security:11.1.2262:*:*:*:*:*:*:* OR cpe:/a:avast:free_antivirus:11.1.2241:*:*:*:*:*:*:* OR cpe:/a:avast:free_antivirus:11.1.2245:*:*:*:*:*:*:* OR cpe:/a:avast:free_antivirus:11.1.2253:*:*:*:*:*:*:* OR cpe:/a:avast:free_antivirus:11.1.2260:*:*:*:*:*:*:* OR cpe:/a:avast:free_antivirus:11.1.2261:*:*:*:*:*:*:* OR cpe:/a:avast:free_antivirus:11.1.2262:*:*:*:*:*:*:* OR cpe:/a:avast:internet_security:11.1.2241:*:*:*:*:*:*:* OR cpe:/a:avast:internet_security:11.1.2245:*:*:*:*:*:*:* OR cpe:/a:avast:internet_security:11.1.2253:*:*:*:*:*:*:* OR cpe:/a:avast:internet_security:11.1.2260:*:*:*:*:*:*:* OR cpe:/a:avast:internet_security:11.1.2261:*:*:*:*:*:*:* OR cpe:/a:avast:internet_security:11.1.2262:*:*:*:*:*:*:* OR cpe:/a:avast:premier:11.1.2241:*:*:*:*:*:*:* OR cpe:/a:avast:premier:11.1.2245:*:*:*:*:*:*:* OR cpe:/a:avast:premier:11.1.2253:*:*:*:*:*:*:* OR cpe:/a:avast:premier:11.1.2260:*:*:*:*:*:*:* OR cpe:/a:avast:premier:11.1.2261:*:*:*:*:*:*:* OR cpe:/a:avast:premier:11.1.2262:*:*:*:*:*:*:* OR cpe:/a:avast:pro_antivirus:11.1.2241:*:*:*:*:*:*:* OR cpe:/a:avast:pro_antivirus:11.1.2245:*:*:*:*:*:*:* OR cpe:/a:avast:pro_antivirus:11.1.2253:*:*:*:*:*:*:* OR cpe:/a:avast:pro_antivirus:11.1.2260:*:*:*:*:*:*:* OR cpe:/a:avast:pro_antivirus:11.1.2261:*:*:*:*:*:*:* OR cpe:/a:avast:pro_antivirus:11.1.2262:*:*:*:*:*:*:* Configuration 2 :cpe:/a:avast:email_server_security:8.0.1606:*:*:*:*:*:*:* OR cpe:/a:avast:email_server_security:*:*:*:*:*:*:*:* (Version <= 8.0.1609) OR cpe:/a:avast:endpoint_protection:8.0.1606:*:*:*:*:*:*:* OR cpe:/a:avast:endpoint_protection:*:*:*:*:*:*:*:* (Version <= 8.0.1609) OR cpe:/a:avast:endpoint_protection_plus:8.0.1606:*:*:*:*:*:*:* OR cpe:/a:avast:endpoint_protection_plus:8.0.1609:*:*:*:*:*:*:* OR cpe:/a:avast:endpoint_protection_suite:8.0.1606:*:*:*:*:*:*:* OR cpe:/a:avast:endpoint_protection_suite:*:*:*:*:*:*:*:* (Version <= 8.0.1609) OR cpe:/a:avast:endpoint_protection_suite_plus:8.0.1606:*:*:*:*:*:*:* OR cpe:/a:avast:endpoint_protection_suite_plus:*:*:*:*:*:*:*:* (Version <= 8.0.1609) OR cpe:/a:avast:file_server_security:8.0.1606:*:*:*:*:*:*:* OR cpe:/a:avast:file_server_security:*:*:*:*:*:*:*:* (Version <= 8.0.1609) BACK
avast business security 11.1.2241
avast business security 11.1.2245
avast business security 11.1.2253
avast business security 11.1.2260
avast business security 11.1.2261
avast business security 11.1.2262
avast free antivirus 11.1.2241
avast free antivirus 11.1.2245
avast free antivirus 11.1.2253
avast free antivirus 11.1.2260
avast free antivirus 11.1.2261
avast free antivirus 11.1.2262
avast internet security 11.1.2241
avast internet security 11.1.2245
avast internet security 11.1.2253
avast internet security 11.1.2260
avast internet security 11.1.2261
avast internet security 11.1.2262
avast premier 11.1.2241
avast premier 11.1.2245
avast premier 11.1.2253
avast premier 11.1.2260
avast premier 11.1.2261
avast premier 11.1.2262
avast pro antivirus 11.1.2241
avast pro antivirus 11.1.2245
avast pro antivirus 11.1.2253
avast pro antivirus 11.1.2260
avast pro antivirus 11.1.2261
avast pro antivirus 11.1.2262
avast email server security 8.0.1606
avast email server security *
avast endpoint protection 8.0.1606
avast endpoint protection *
avast endpoint protection plus 8.0.1606
avast endpoint protection plus 8.0.1609
avast endpoint protection suite 8.0.1606
avast endpoint protection suite *
avast endpoint protection suite plus 8.0.1606
avast endpoint protection suite plus *
avast file server security 8.0.1606
avast file server security *
Denotes that component is vulnerable