Avast Antivirus Path Traversal Vulnerability

Medium Nessus Plugin ID 87776


The remote Windows host has an antivirus application that is affected by a path traversal vulnerability.


The remote Windows host is running Avast Antivirus with a virus definition prior to version 150918-0. It is, therefore, affected by a path traversal vulnerability that occurs when processing ZIP archives.
An unauthenticated, remote attacker can exploit this, via a crafted ZIP archive, to delete or write arbitrary files to the system.


Upgrade the Avast Antivirus virus definition to version 150918-0 or later.

See Also




Plugin Details

Severity: Medium

ID: 87776

File Name: avast_CVE-2015-5662.nasl

Version: $Revision: 1.2 $

Type: local

Agent: windows

Family: Windows

Published: 2016/01/07

Modified: 2016/04/29

Dependencies: 87777

Risk Information

Risk Factor: Medium


Base Score: 6.4

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/a:avast:avast_antivirus

Required KB Items: installed_sw/Avast Antivirus

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2015/10/16

Vulnerability Publication Date: 2015/10/16

Reference Information

CVE: CVE-2015-5662

BID: 77102

OSVDB: 128980