AVAST vulnerabilities

On 10/07/2009 06:00 PM, PCR wrote:
> MEB wrote:
>> High Vulnerabilities
>>
>> Vulnerability Summary for CVE-2009-3522
>> Original release date:10/01/2009
>> Last revised:10/02/2009
>> Source: US-CERT/NIST
>> Overview
>>
>> Stack-based buffer overflow in aswMon2.sys in avast! Home and
>> Professional for Windows 4.8.1351, and possibly other versions before
>> 4.8.1356, allows local users to cause a denial of service (system
>> crash) and possibly gain privileges via a crafted IOCTL request to
>> IOCTL 0xb2c80018.
>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3522
>>
>> Vulnerability Summary for CVE-2009-3524
>> Original release date:10/01/2009
>> Last revised:10/05/2009
>> Source: US-CERT/NIST
>> Overview
>>
>> Unspecified vulnerability in ashWsFtr.dll in avast! Home and
>> Professional for Windows before 4.8.1356 has unknown impact and local
>> attack vectors.
>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3524
>>
>> MEDIUM IMPACT:
>>
>> Vulnerability Summary for CVE-2009-3523
>> Original release date:10/01/2009
>> Last revised:10/05/2009
>> Source: US-CERT/NIST
>> Overview
>>
>> aavmKer4.sys in avast! Home and Professional for Windows before
>> 4.8.1356 does not properly validate input to IOCTLs (1) 0xb2d6000c
>> and (2) 0xb2d60034, which allows local users to gain privileges via
>> IOCTL requests using crafted kernel addresses that trigger memory
>> corruption, a different vulnerability than CVE-2008-1625.
>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3523
>>
>> Additional vulnerabilities not specific to AVAST may be found here:
>> http://securitytracker.com/archives/underlyingos/218.html
>
> That's odd, I wasn't informed there was a v.4.8.1356. But I've got it
> now, thanks.
>
> The last one I was auto-informed of was ...1351, which I finally took.
> It could be as MS did -- as you said -- just before the day Win98 is
> abandoned, they come out with multiple final updates.
>
>

Sadly, any errors that may be in whatever becomes the "final" AVAST!
for 9X will likely be exposed within a few days or weeks as having some
form of vulnerability. Just like, should you go back to 2006 and
progress forward {time-wise} at the securitytracker link, you would find
other vulnerabilities not generally widely known. Or in an old Norton,
or any other application.

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---

MEB wrote:
> On 10/07/2009 06:00 PM, PCR wrote:
>> MEB wrote:
>>> High Vulnerabilities
>>>
>>> Vulnerability Summary for CVE-2009-3522
>>> Original release date:10/01/2009
>>> Last revised:10/02/2009
>>> Source: US-CERT/NIST
>>> Overview
>>>
>>> Stack-based buffer overflow in aswMon2.sys in avast! Home and
>>> Professional for Windows 4.8.1351, and possibly other versions
>>> before
>>> 4.8.1356, allows local users to cause a denial of service (system
>>> crash) and possibly gain privileges via a crafted IOCTL request to
>>> IOCTL 0xb2c80018.
>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3522
>>>
>>> Vulnerability Summary for CVE-2009-3524
>>> Original release date:10/01/2009
>>> Last revised:10/05/2009
>>> Source: US-CERT/NIST
>>> Overview
>>>
>>> Unspecified vulnerability in ashWsFtr.dll in avast! Home and
>>> Professional for Windows before 4.8.1356 has unknown impact and
>>> local attack vectors.
>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3524
>>>
>>> MEDIUM IMPACT:
>>>
>>> Vulnerability Summary for CVE-2009-3523
>>> Original release date:10/01/2009
>>> Last revised:10/05/2009
>>> Source: US-CERT/NIST
>>> Overview
>>>
>>> aavmKer4.sys in avast! Home and Professional for Windows before
>>> 4.8.1356 does not properly validate input to IOCTLs (1) 0xb2d6000c
>>> and (2) 0xb2d60034, which allows local users to gain privileges via
>>> IOCTL requests using crafted kernel addresses that trigger memory
>>> corruption, a different vulnerability than CVE-2008-1625.
>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3523
>>>
>>> Additional vulnerabilities not specific to AVAST may be found here:
>>> http://securitytracker.com/archives/underlyingos/218.html
>>
>> That's odd, I wasn't informed there was a v.4.8.1356. But I've got it
>> now, thanks.
>>
>> The last one I was auto-informed of was ...1351, which I finally
>> took. It could be as MS did -- as you said -- just before the day
>> Win98 is abandoned, they come out with multiple final updates.
>>
>>
>
> Sadly, any errors that may be in whatever becomes the "final" AVAST!
> for 9X will likely be exposed within a few days or weeks as having
> some form of vulnerability. Just like, should you go back to 2006 and
> progress forward {time-wise} at the securitytracker link, you would
> find other vulnerabilities not generally widely known. Or in an old
> Norton, or any other application.

Well, I just got a pop-up saying my subscription would expire in 24
days -- & it asked whether I'd like to upgrade to the paying version! (1
yr. for $39.95; 3 yrs. for $57.94). All these updates & that question
STILL gives me hope avast! will continue for us! I opted just to keep
the Home Edition -- & a new reg id is on the way! (But I fully
understand your concern.)


--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
Should things get worse after this,
PCR
pcrrcp.RemoveThis@netzero.net

On 10/08/2009 07:39 PM, PCR wrote:
> MEB wrote:
>> On 10/07/2009 06:00 PM, PCR wrote:
>>> MEB wrote:
>>>> High Vulnerabilities
>>>>
>>>> Vulnerability Summary for CVE-2009-3522
>>>> Original release date:10/01/2009
>>>> Last revised:10/02/2009
>>>> Source: US-CERT/NIST
>>>> Overview
>>>>
>>>> Stack-based buffer overflow in aswMon2.sys in avast! Home and
>>>> Professional for Windows 4.8.1351, and possibly other versions
>>>> before
>>>> 4.8.1356, allows local users to cause a denial of service (system
>>>> crash) and possibly gain privileges via a crafted IOCTL request to
>>>> IOCTL 0xb2c80018.
>>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3522
>>>>
>>>> Vulnerability Summary for CVE-2009-3524
>>>> Original release date:10/01/2009
>>>> Last revised:10/05/2009
>>>> Source: US-CERT/NIST
>>>> Overview
>>>>
>>>> Unspecified vulnerability in ashWsFtr.dll in avast! Home and
>>>> Professional for Windows before 4.8.1356 has unknown impact and
>>>> local attack vectors.
>>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3524
>>>>
>>>> MEDIUM IMPACT:
>>>>
>>>> Vulnerability Summary for CVE-2009-3523
>>>> Original release date:10/01/2009
>>>> Last revised:10/05/2009
>>>> Source: US-CERT/NIST
>>>> Overview
>>>>
>>>> aavmKer4.sys in avast! Home and Professional for Windows before
>>>> 4.8.1356 does not properly validate input to IOCTLs (1) 0xb2d6000c
>>>> and (2) 0xb2d60034, which allows local users to gain privileges via
>>>> IOCTL requests using crafted kernel addresses that trigger memory
>>>> corruption, a different vulnerability than CVE-2008-1625.
>>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3523
>>>>
>>>> Additional vulnerabilities not specific to AVAST may be found here:
>>>> http://securitytracker.com/archives/underlyingos/218.html
>>> That's odd, I wasn't informed there was a v.4.8.1356. But I've got it
>>> now, thanks.
>>>
>>> The last one I was auto-informed of was ...1351, which I finally
>>> took. It could be as MS did -- as you said -- just before the day
>>> Win98 is abandoned, they come out with multiple final updates.
>>>
>>>
>> Sadly, any errors that may be in whatever becomes the "final" AVAST!
>> for 9X will likely be exposed within a few days or weeks as having
>> some form of vulnerability. Just like, should you go back to 2006 and
>> progress forward {time-wise} at the securitytracker link, you would
>> find other vulnerabilities not generally widely known. Or in an old
>> Norton, or any other application.
>
> Well, I just got a pop-up saying my subscription would expire in 24
> days -- & it asked whether I'd like to upgrade to the paying version! (1
> yr. for $39.95; 3 yrs. for $57.94). All these updates & that question
> STILL gives me hope avast! will continue for us! I opted just to keep
> the Home Edition -- & a new reg id is on the way! (But I fully
> understand your concern.)
>
>

Let me know if you get any notice regarding EOS, disablement, or other
from the installation or pop-up, and I will try to keep you advised of
what is found per whatever {sub}version that should happen in, if you're
interested and not going to keep up yourself...

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---

MEB wrote:
> On 10/08/2009 07:39 PM, PCR wrote:
>> MEB wrote:
>>> On 10/07/2009 06:00 PM, PCR wrote:
>>>> MEB wrote:
>>>>> High Vulnerabilities
>>>>>
>>>>> Vulnerability Summary for CVE-2009-3522
>>>>> Original release date:10/01/2009
>>>>> Last revised:10/02/2009
>>>>> Source: US-CERT/NIST
>>>>> Overview
>>>>>
>>>>> Stack-based buffer overflow in aswMon2.sys in avast! Home and
>>>>> Professional for Windows 4.8.1351, and possibly other versions
>>>>> before
>>>>> 4.8.1356, allows local users to cause a denial of service (system
>>>>> crash) and possibly gain privileges via a crafted IOCTL request to
>>>>> IOCTL 0xb2c80018.
>>>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3522
>>>>>
>>>>> Vulnerability Summary for CVE-2009-3524
>>>>> Original release date:10/01/2009
>>>>> Last revised:10/05/2009
>>>>> Source: US-CERT/NIST
>>>>> Overview
>>>>>
>>>>> Unspecified vulnerability in ashWsFtr.dll in avast! Home and
>>>>> Professional for Windows before 4.8.1356 has unknown impact and
>>>>> local attack vectors.
>>>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3524
>>>>>
>>>>> MEDIUM IMPACT:
>>>>>
>>>>> Vulnerability Summary for CVE-2009-3523
>>>>> Original release date:10/01/2009
>>>>> Last revised:10/05/2009
>>>>> Source: US-CERT/NIST
>>>>> Overview
>>>>>
>>>>> aavmKer4.sys in avast! Home and Professional for Windows before
>>>>> 4.8.1356 does not properly validate input to IOCTLs (1) 0xb2d6000c
>>>>> and (2) 0xb2d60034, which allows local users to gain privileges
>>>>> via IOCTL requests using crafted kernel addresses that trigger
>>>>> memory corruption, a different vulnerability than CVE-2008-1625.
>>>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3523
>>>>>
>>>>> Additional vulnerabilities not specific to AVAST may be found
>>>>> here: http://securitytracker.com/archives/underlyingos/218.html
>>>> That's odd, I wasn't informed there was a v.4.8.1356. But I've got
>>>> it now, thanks.
>>>>
>>>> The last one I was auto-informed of was ...1351, which I finally
>>>> took. It could be as MS did -- as you said -- just before the day
>>>> Win98 is abandoned, they come out with multiple final updates.
>>>>
>>>>
>>> Sadly, any errors that may be in whatever becomes the "final"
>>> AVAST! for 9X will likely be exposed within a few days or weeks as
>>> having some form of vulnerability. Just like, should you go back to
>>> 2006 and progress forward {time-wise} at the securitytracker link,
>>> you would find other vulnerabilities not generally widely known. Or
>>> in an old Norton, or any other application.
>>
>> Well, I just got a pop-up saying my subscription would expire in 24
>> days -- & it asked whether I'd like to upgrade to the paying
>> version! (1 yr. for $39.95; 3 yrs. for $57.94). All these updates &
>> that question STILL gives me hope avast! will continue for us! I
>> opted just to keep the Home Edition -- & a new reg id is on the way!
>> (But I fully understand your concern.)
>>
>>
>
> Let me know if you get any notice regarding EOS, disablement, or
> other from the installation or pop-up, and I will try to keep you
> advised of what is found per whatever {sub}version that should happen
> in, if you're interested and not going to keep up yourself...

It's a deal. The reg ID came, & avast! is back in business taking
auto-def updates.


--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
Should things get worse after this,
PCR
pcrrcp RemoveThis @netzero.net

PCR wrote:
> MEB wrote:
>> On 10/08/2009 07:39 PM, PCR wrote:
>>> MEB wrote:
>>>> On 10/07/2009 06:00 PM, PCR wrote:
>>>>> MEB wrote:
>>>>>> High Vulnerabilities
>>>>>>
>>>>>> Vulnerability Summary for CVE-2009-3522
>>>>>> Original release date:10/01/2009
>>>>>> Last revised:10/02/2009
>>>>>> Source: US-CERT/NIST
>>>>>> Overview
>>>>>>
>>>>>> Stack-based buffer overflow in aswMon2.sys in avast! Home and
>>>>>> Professional for Windows 4.8.1351, and possibly other versions
>>>>>> before
>>>>>> 4.8.1356, allows local users to cause a denial of service (system
>>>>>> crash) and possibly gain privileges via a crafted IOCTL request to
>>>>>> IOCTL 0xb2c80018.
>>>>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3522
>>>>>>
>>>>>> Vulnerability Summary for CVE-2009-3524
>>>>>> Original release date:10/01/2009
>>>>>> Last revised:10/05/2009
>>>>>> Source: US-CERT/NIST
>>>>>> Overview
>>>>>>
>>>>>> Unspecified vulnerability in ashWsFtr.dll in avast! Home and
>>>>>> Professional for Windows before 4.8.1356 has unknown impact and
>>>>>> local attack vectors.
>>>>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3524
>>>>>>
>>>>>> MEDIUM IMPACT:
>>>>>>
>>>>>> Vulnerability Summary for CVE-2009-3523
>>>>>> Original release date:10/01/2009
>>>>>> Last revised:10/05/2009
>>>>>> Source: US-CERT/NIST
>>>>>> Overview
>>>>>>
>>>>>> aavmKer4.sys in avast! Home and Professional for Windows before
>>>>>> 4.8.1356 does not properly validate input to IOCTLs (1) 0xb2d6000c
>>>>>> and (2) 0xb2d60034, which allows local users to gain privileges
>>>>>> via IOCTL requests using crafted kernel addresses that trigger
>>>>>> memory corruption, a different vulnerability than CVE-2008-1625.
>>>>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3523
>>>>>>
>>>>>> Additional vulnerabilities not specific to AVAST may be found
>>>>>> here: http://securitytracker.com/archives/underlyingos/218.html
>>>>> That's odd, I wasn't informed there was a v.4.8.1356. But I've got
>>>>> it now, thanks.
>>>>>
>>>>> The last one I was auto-informed of was ...1351, which I finally
>>>>> took. It could be as MS did -- as you said -- just before the day
>>>>> Win98 is abandoned, they come out with multiple final updates.
>>>>>
>>>>>
>>>> Sadly, any errors that may be in whatever becomes the "final"
>>>> AVAST! for 9X will likely be exposed within a few days or weeks as
>>>> having some form of vulnerability. Just like, should you go back to
>>>> 2006 and progress forward {time-wise} at the securitytracker link,
>>>> you would find other vulnerabilities not generally widely known. Or
>>>> in an old Norton, or any other application.
>>> Well, I just got a pop-up saying my subscription would expire in 24
>>> days -- & it asked whether I'd like to upgrade to the paying
>>> version! (1 yr. for $39.95; 3 yrs. for $57.94). All these updates &
>>> that question STILL gives me hope avast! will continue for us! I
>>> opted just to keep the Home Edition -- & a new reg id is on the way!
>>> (But I fully understand your concern.)
>>>
>>>
>> Let me know if you get any notice regarding EOS, disablement, or
>> other from the installation or pop-up, and I will try to keep you
>> advised of what is found per whatever {sub}version that should happen
>> in, if you're interested and not going to keep up yourself...
>
> It's a deal. The reg ID came, & avast! is back in business taking
> auto-def updates.

Dont ask,, have been having a whale of a time with computers.

Now, I too get at least a daily update of defs, sometimes twice in
one24hr period.
I am dun, as you both know, and when I fire up each day, (usually about
10.00am >>>> 's .... ) the First thing my computer does, is update
Avast. (or should I say, Avast updates itself, either way, Avast springs
into action the instant I connect to the net.)

I read meb/pcr thread, and it seems both are happy, so I wont offer
writing to avast again.
Personally, I think we will be looked after for a while yet, but, that
is only an opinion.

(on the 'other side', I've had other problems, but they are nothing to
do with o/s or malaware or etc)
(and in the interim, I have heard nothing but complaints from xp users,
even helped fix their machines (o/s) and also noted the swell in the xp
n/g due to 'problems'.... gotta tell ya pcr, I'm ducking rad' wavs too.)

oh, have either of you two d/loaded the free win7?

S/C

square/circle wrote:
> PCR wrote:
>> MEB wrote:
>>> On 10/08/2009 07:39 PM, PCR wrote:
>>>> MEB wrote:
>>>>> On 10/07/2009 06:00 PM, PCR wrote:
>>>>>> MEB wrote:
>>>>>>> High Vulnerabilities
>>>>>>>
>>>>>>> Vulnerability Summary for CVE-2009-3522
>>>>>>> Original release date:10/01/2009
>>>>>>> Last revised:10/02/2009
>>>>>>> Source: US-CERT/NIST
>>>>>>> Overview
>>>>>>>
>>>>>>> Stack-based buffer overflow in aswMon2.sys in avast! Home and
>>>>>>> Professional for Windows 4.8.1351, and possibly other versions
>>>>>>> before
>>>>>>> 4.8.1356, allows local users to cause a denial of service (system
>>>>>>> crash) and possibly gain privileges via a crafted IOCTL request to
>>>>>>> IOCTL 0xb2c80018.
>>>>>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3522
>>>>>>>
>>>>>>> Vulnerability Summary for CVE-2009-3524
>>>>>>> Original release date:10/01/2009
>>>>>>> Last revised:10/05/2009
>>>>>>> Source: US-CERT/NIST
>>>>>>> Overview
>>>>>>>
>>>>>>> Unspecified vulnerability in ashWsFtr.dll in avast! Home and
>>>>>>> Professional for Windows before 4.8.1356 has unknown impact and
>>>>>>> local attack vectors.
>>>>>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3524
>>>>>>>
>>>>>>> MEDIUM IMPACT:
>>>>>>>
>>>>>>> Vulnerability Summary for CVE-2009-3523
>>>>>>> Original release date:10/01/2009
>>>>>>> Last revised:10/05/2009
>>>>>>> Source: US-CERT/NIST
>>>>>>> Overview
>>>>>>>
>>>>>>> aavmKer4.sys in avast! Home and Professional for Windows before
>>>>>>> 4.8.1356 does not properly validate input to IOCTLs (1) 0xb2d6000c
>>>>>>> and (2) 0xb2d60034, which allows local users to gain privileges
>>>>>>> via IOCTL requests using crafted kernel addresses that trigger
>>>>>>> memory corruption, a different vulnerability than CVE-2008-1625.
>>>>>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3523
>>>>>>>
>>>>>>> Additional vulnerabilities not specific to AVAST may be found
>>>>>>> here: http://securitytracker.com/archives/underlyingos/218.html
>>>>>> That's odd, I wasn't informed there was a v.4.8.1356. But I've got
>>>>>> it now, thanks.
>>>>>>
>>>>>> The last one I was auto-informed of was ...1351, which I finally
>>>>>> took. It could be as MS did -- as you said -- just before the day
>>>>>> Win98 is abandoned, they come out with multiple final updates.
>>>>>>
>>>>>>
>>>>> Sadly, any errors that may be in whatever becomes the "final"
>>>>> AVAST! for 9X will likely be exposed within a few days or weeks as
>>>>> having some form of vulnerability. Just like, should you go back to
>>>>> 2006 and progress forward {time-wise} at the securitytracker link,
>>>>> you would find other vulnerabilities not generally widely known. Or
>>>>> in an old Norton, or any other application.
>>>> Well, I just got a pop-up saying my subscription would expire in 24
>>>> days -- & it asked whether I'd like to upgrade to the paying
>>>> version! (1 yr. for $39.95; 3 yrs. for $57.94). All these updates &
>>>> that question STILL gives me hope avast! will continue for us! I
>>>> opted just to keep the Home Edition -- & a new reg id is on the way!
>>>> (But I fully understand your concern.)
>>>>
>>>>
>>> Let me know if you get any notice regarding EOS, disablement, or
>>> other from the installation or pop-up, and I will try to keep you
>>> advised of what is found per whatever {sub}version that should happen
>>> in, if you're interested and not going to keep up yourself...
>>
>> It's a deal. The reg ID came, & avast! is back in business taking
>> auto-def updates.
>
> Dont ask,, have been having a whale of a time with computers.
>
> Now, I too get at least a daily update of defs, sometimes twice in
> one24hr period.
> I am dun, as you both know, and when I fire up each day, (usually about
> 10.00am >>>> 's .... ) the First thing my computer does, is update
> Avast. (or should I say, Avast updates itself, either way, Avast springs
> into action the instant I connect to the net.)
>
> I read meb/pcr thread, and it seems both are happy, so I wont offer
> writing to avast again.
> Personally, I think we will be looked after for a while yet, but, that
> is only an opinion.
>
> (on the 'other side', I've had other problems, but they are nothing to
> do with o/s or malaware or etc)
> (and in the interim, I have heard nothing but complaints from xp users,
> even helped fix their machines (o/s) and also noted the swell in the xp
> n/g due to 'problems'.... gotta tell ya pcr, I'm ducking rad' wavs too.)
>
> oh, have either of you two d/loaded the free win7?
>
> S/C

FREE? Are you referring to the Win7 *release candidates*?
And no, tested a few early releases...

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---

square/circle wrote:
> PCR wrote:
>> MEB wrote:
>>> On 10/08/2009 07:39 PM, PCR wrote:
>>>> MEB wrote:
>>>>> On 10/07/2009 06:00 PM, PCR wrote:
>>>>>> MEB wrote:
>>>>>>> High Vulnerabilities
>>>>>>>
>>>>>>> Vulnerability Summary for CVE-2009-3522
>>>>>>> Original release date:10/01/2009
>>>>>>> Last revised:10/02/2009
>>>>>>> Source: US-CERT/NIST
>>>>>>> Overview
>>>>>>>
>>>>>>> Stack-based buffer overflow in aswMon2.sys in avast! Home and
>>>>>>> Professional for Windows 4.8.1351, and possibly other versions
>>>>>>> before
>>>>>>> 4.8.1356, allows local users to cause a denial of service
>>>>>>> (system crash) and possibly gain privileges via a crafted IOCTL
>>>>>>> request to IOCTL 0xb2c80018.
>>>>>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3522
>>>>>>>
>>>>>>> Vulnerability Summary for CVE-2009-3524
>>>>>>> Original release date:10/01/2009
>>>>>>> Last revised:10/05/2009
>>>>>>> Source: US-CERT/NIST
>>>>>>> Overview
>>>>>>>
>>>>>>> Unspecified vulnerability in ashWsFtr.dll in avast! Home and
>>>>>>> Professional for Windows before 4.8.1356 has unknown impact and
>>>>>>> local attack vectors.
>>>>>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3524
>>>>>>>
>>>>>>> MEDIUM IMPACT:
>>>>>>>
>>>>>>> Vulnerability Summary for CVE-2009-3523
>>>>>>> Original release date:10/01/2009
>>>>>>> Last revised:10/05/2009
>>>>>>> Source: US-CERT/NIST
>>>>>>> Overview
>>>>>>>
>>>>>>> aavmKer4.sys in avast! Home and Professional for Windows before
>>>>>>> 4.8.1356 does not properly validate input to IOCTLs (1)
>>>>>>> 0xb2d6000c and (2) 0xb2d60034, which allows local users to gain
>>>>>>> privileges via IOCTL requests using crafted kernel addresses
>>>>>>> that trigger memory corruption, a different vulnerability than
>>>>>>> CVE-2008-1625.
>>>>>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3523
>>>>>>>
>>>>>>> Additional vulnerabilities not specific to AVAST may be found
>>>>>>> here: http://securitytracker.com/archives/underlyingos/218.html
>>>>>> That's odd, I wasn't informed there was a v.4.8.1356. But I've
>>>>>> got it now, thanks.
>>>>>>
>>>>>> The last one I was auto-informed of was ...1351, which I finally
>>>>>> took. It could be as MS did -- as you said -- just before the day
>>>>>> Win98 is abandoned, they come out with multiple final updates.
>>>>>>
>>>>>>
>>>>> Sadly, any errors that may be in whatever becomes the "final"
>>>>> AVAST! for 9X will likely be exposed within a few days or weeks as
>>>>> having some form of vulnerability. Just like, should you go back
>>>>> to 2006 and progress forward {time-wise} at the securitytracker
>>>>> link, you would find other vulnerabilities not generally widely
>>>>> known. Or in an old Norton, or any other application.
>>>> Well, I just got a pop-up saying my subscription would expire in 24
>>>> days -- & it asked whether I'd like to upgrade to the paying
>>>> version! (1 yr. for $39.95; 3 yrs. for $57.94). All these updates &
>>>> that question STILL gives me hope avast! will continue for us! I
>>>> opted just to keep the Home Edition -- & a new reg id is on the
>>>> way! (But I fully understand your concern.)
>>>>
>>>>
>>> Let me know if you get any notice regarding EOS, disablement, or
>>> other from the installation or pop-up, and I will try to keep you
>>> advised of what is found per whatever {sub}version that should
>>> happen in, if you're interested and not going to keep up yourself...
>>
>> It's a deal. The reg ID came, & avast! is back in business taking
>> auto-def updates.
>
> Dont ask,, have been having a whale of a time with computers.

Did you see Noah in there?

> Now, I too get at least a daily update of defs, sometimes twice in
> one24hr period.
> I am dun, as you both know, and when I fire up each day, (usually
> about
> 10.00am >>>> 's .... ) the First thing my computer does, is update
> Avast. (or should I say, Avast updates itself, either way, Avast
> springs into action the instant I connect to the net.)

Yep. Within minutes, I see the circular, double-arrow icon in the Tray
to signify an update of defs is in progress. Very good. Some
operations -- such as opening Explorer or using the Taskbar's address
bar (but IE & IE's address bar are immune) -- are slow while the update
is in progress. However, it doesn't last that long (up to 15 mins.) & is
worth it. Just don't think the computer has crashed -- be patient -- is
all! It's one of the avast!'s few & acceptable bugaboos!

> I read meb/pcr thread, and it seems both are happy, so I wont offer
> writing to avast again.
> Personally, I think we will be looked after for a while yet, but, that
> is only an opinion.

That's a good thought. As I recall, your last communication with them
offered a degree of hope. Therefore, let it stand, yea, & time will tell
the rest.

> (on the 'other side', I've had other problems, but they are nothing to
> do with o/s or malaware or etc)

What did Noah have to say in the belly of that whale?

> (and in the interim, I have heard nothing but complaints from xp
> users, even helped fix their machines (o/s) and also noted the swell
> in the xp n/g due to 'problems'.... gotta tell ya pcr, I'm ducking
> rad' wavs too.)

Be sure to wear your tinfoil hat near XP -- & double it for Vista!

> oh, have either of you two d/loaded the free win7?

It's beyond this Compaq 7470's (533 MHz, 384 MB RAM) capabilities...

http://www.technize.com/2009/10/10/download-windows-7-free/
........Quote.................
Here are the general system requirements of Windows 7:

1 gigahertz (GHz) or faster 32-bit (x86) or 64-bit (x64) processor
1 gigabyte (GB) RAM (32-bit) or 2 GB RAM (64-bit)
16 GB available hard disk space (32-bit) or 20 GB (64-bit)
DirectX 9 graphics device with WDDM 1.0 or higher driver
........EOQ....................

> S/C

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
Should things get worse after this,
PCR
pcrrcp.RemoveThis@netzero.net