Avast Antivirus Path Traversal Vulnerability

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an antivirus application that is affected
by a path traversal vulnerability.

Description :

The remote Windows host is running Avast Antivirus with a virus
definition prior to version 150918-0. It is, therefore, affected by a
path traversal vulnerability that occurs when processing ZIP archives.
An unauthenticated, remote attacker can exploit this, via a crafted
ZIP archive, to delete or write arbitrary files to the system.

See also :

https://www.avast.com/virus-update-history
http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000160.html
http://jvn.jp/en/jp/JVN25576608/index.html

Solution :

Upgrade the Avast Antivirus virus definition to version 150918-0 or
later.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P)
CVSS Temporal Score : 5.3
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 87776 ()

Bugtraq ID: 77102

CVE ID: CVE-2015-5662

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now