Avast Antivirus
CVE-2015-5662
MEDIUM
Severity by source
AV:N/AC:L/Au:N/C:N/I:P/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:L/Au:N/C:N/I:P/A:P
Lifecycle Timeline
1DescriptionCVE.org
Directory traversal vulnerability in Avast before 150918-0 allows remote attackers to delete or write to arbitrary files via a crafted entry in a ZIP archive.
AnalysisAI
Directory traversal vulnerability in Avast before 150918-0 allows remote attackers to delete or write to arbitrary files via a crafted entry in a ZIP archive. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. Directory traversal vulnerability in Avast before 150918-0 allows remote attackers to delete or write to arbitrary files via a crafted entry in a ZIP archive. Affected products include: Avast Avast Antivirus. Version information: before 150918.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
More in Avast Antivirus
View allThe TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7,
The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast!. Rated medium severity (CVSS 4.3), t
The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVir
Local privilege escalation in Avast Antivirus 25.11 allows non-privileged Windows users to execute arbitrary code as SYS
Local code execution and denial-of-service in Gen Digital antivirus engines (Avast, AVG, Norton, Avast One, Avast Busine
Local code execution or antivirus-process denial-of-service in Gen Digital's shared scanning engine (Avast Antivirus, AV
Out-of-bounds heap read in the Gen Digital antivirus scanning engine (Avast, AVG, Norton, Avast One, Avast Business) all
Heap out-of-bounds write in Gen Digital's shared antivirus scanning engine allows local code execution or denial of serv
Stack overflow in Gen Digital's shared antivirus scanning engine crashes the AV process when it parses a malformed Offic
Stack overflow via uncontrolled recursion crashes the antivirus scanning process across all Gen Digital consumer and bus
Stack use-after-free in the Gen Digital shared antivirus scanning engine crashes the antivirus process when it parses a
Uncontrolled recursion in the Gen Digital shared scanning engine crashes the antivirus process when it encounters a spec
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today