Fortinet Discovers Multiple Out-of-Bounds Write Vulnerabilities in AVIRA
Fortinet's FortiGuard Labs has discovered multiple out-of-bounds write vulnerabilities in one of the DLL components served as IPC server run in AVIRA core service avguard.exe.
Avira is an antivirus software developed by Avira Operations GmbH & Co. KG.
A client program which successfully sends a crafted message to the vulnerable IPC server would potentially cause privilege elevation or denial-of-service.
Users should apply AVIRA updates 22.214.171.124 and above
Fortinet reported the vulnerability to Avira on November 21, 2016.
Avira patched the vulnerability on February 21, 2017.
This vulnerability was discovered by Wayne Low of Fortinet's FortiGuard Labs.