Skip to main content

Avast Antivirus CVE-2015-5662

MEDIUM
Path Traversal (CWE-22)
2015-10-18 vultures@jpcert.or.jp
6.4
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
6.4 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:N/I:P/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Oct 18, 2015 - 10:59 cve.org
MEDIUM 6.4

DescriptionCVE.org

Directory traversal vulnerability in Avast before 150918-0 allows remote attackers to delete or write to arbitrary files via a crafted entry in a ZIP archive.

AnalysisAI

Directory traversal vulnerability in Avast before 150918-0 allows remote attackers to delete or write to arbitrary files via a crafted entry in a ZIP archive. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. Directory traversal vulnerability in Avast before 150918-0 allows remote attackers to delete or write to arbitrary files via a crafted entry in a ZIP archive. Affected products include: Avast Avast Antivirus. Version information: before 150918.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.

CVE-2012-1459 MEDIUM
4.3 Mar 21

The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7,

CVE-2012-1457 MEDIUM
4.3 Mar 21

The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast!. Rated medium severity (CVSS 4.3), t

CVE-2012-1443 MEDIUM
4.3 Mar 21

The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVir

CVE-2025-71326 HIGH POC
8.5 Jun 19

Local privilege escalation in Avast Antivirus 25.11 allows non-privileged Windows users to execute arbitrary code as SYS

CVE-2025-7011 HIGH
7.8 Jun 12

Local code execution and denial-of-service in Gen Digital antivirus engines (Avast, AVG, Norton, Avast One, Avast Busine

CVE-2025-7009 HIGH
7.8 Jun 12

Local code execution or antivirus-process denial-of-service in Gen Digital's shared scanning engine (Avast Antivirus, AV

CVE-2025-7008 HIGH
7.8 Jun 12

Out-of-bounds heap read in the Gen Digital antivirus scanning engine (Avast, AVG, Norton, Avast One, Avast Business) all

CVE-2025-7004 HIGH
7.8 Jun 12

Heap out-of-bounds write in Gen Digital's shared antivirus scanning engine allows local code execution or denial of serv

CVE-2025-7019 MEDIUM
5.5 Jun 12

Stack overflow in Gen Digital's shared antivirus scanning engine crashes the AV process when it parses a malformed Offic

CVE-2025-7010 MEDIUM
5.5 Jun 12

Stack overflow via uncontrolled recursion crashes the antivirus scanning process across all Gen Digital consumer and bus

CVE-2025-7006 MEDIUM
5.5 Jun 12

Stack use-after-free in the Gen Digital shared antivirus scanning engine crashes the antivirus process when it parses a

CVE-2025-7005 MEDIUM
5.5 Jun 12

Uncontrolled recursion in the Gen Digital shared scanning engine crashes the antivirus process when it encounters a spec

Share

CVE-2015-5662 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy