製品・ソフトウェアに関する情報

JVN脆弱性詳細

AVG Internet Security における DEP および ASLR 保護メカニズムを回避される脆弱性

Title	AVG Internet Security における DEP および ASLR 保護メカニズムを回避される脆弱性
Summary	AVG Internet Security は、ユーザモードプロセスを保護する場合、予測可能なアドレスに Read、Write、Execute (RWX) のパーミッションでメモリ割り当てを行うため、DEP および ASLR 保護メカニズムを回避される脆弱性が存在します。
Possible impacts	攻撃者により、DEP および ASLR 保護メカニズムを回避される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Dec. 8, 2015, midnight
Registration Date	Dec. 18, 2015, 4:54 p.m.
Last Update	Dec. 18, 2015, 4:54 p.m.

Affected System

AVG Technologies

AVG Internet Security 2015

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2015-8578	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8578
National Vulnerability Database (NVD)
2	CVE-2015-8578	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8578

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	Name	URL
AVG Technologies
1	AVG Download Center	http://www.avg.com/eu-en/avg-release-notes

その他

No	Name	URL
関連文書
1	Sedating the Watchdog: Abusing Security Products to Bypass Mitigations	http://breakingmalware.com/vulnerabilities/sedating-watchdog-abusing-security-products-bypass-mitigations/
2	You’re so predictable: the AV vulnerability that bypasses mitigations	http://blog.ensilo.com/the-av-vulnerability-that-bypasses-mitigations

Change Log

No	Changed Details	Date of change
0	[2015年12月18日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2015-8578

Summary	AVG Internet Security 2015 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors.
Publication Date	Dec. 17, 2015, 3:59 a.m.
Registration Date	Jan. 26, 2021, 2:58 p.m.
Last Update	Nov. 21, 2024, 11:38 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:avg:internet_security:2015:::::::*

Related information, measures and tools

No	URL	タグ
1	http://blog.ensilo.com/the-av-vulnerability-that-bypasses-mitigations
2	http://blog.ensilo.com/the-av-vulnerability-that-bypasses-mitigations
3	http://breakingmalware.com/vulnerabilities/sedating-watchdog-abusing-security-products-bypass-mitigations/
4	http://breakingmalware.com/vulnerabilities/sedating-watchdog-abusing-security-products-bypass-mitigations/
5	http://breakingmalware.com/vulnerabilities/vulnerability-patching-learning-from-avg-on-doing-it-right/	Exploit
6	http://breakingmalware.com/vulnerabilities/vulnerability-patching-learning-from-avg-on-doing-it-right/	Exploit
7	http://www.securityfocus.com/bid/78813
8	http://www.securityfocus.com/bid/78813

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-264	認可・権限・アクセス制御	https://cwe.mitre.org/data/definitions/264.html