CVE-2010-5152
CVE-2010-5152 is a medium-severity vulnerability in Avg Internet Security with a CVSS 2.0 base score of 6.2. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-362.
Key facts
- Severity: Medium (CVSS 2.0 base score 6.2)
- EPSS exploit prediction: 0% (22nd percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-362
- Affected product: Avg Internet Security
- Published:
- Last modified:
Description
Race condition in AVG Internet Security 9.0.791 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute
Frequently asked questions
- What is CVE-2010-5152?
- Race condition in AVG Internet Security 9.0.791 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute
- How severe is CVE-2010-5152?
- CVE-2010-5152 has a CVSS 2.0 base score of 6.2, rated medium severity.
- Is CVE-2010-5152 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (22nd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2010-5152?
- CVE-2010-5152 affects Avg Internet Security. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2010-5152?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2010-5152 published?
- CVE-2010-5152 was published on 2012-08-25 and last updated on 2026-06-16.
References
- http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html
- http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html
- http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/
- http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php
- http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php
- http://www.f-secure.com/weblog/archives/00001949.html
- http://www.osvdb.org/67660
- http://www.securityfocus.com/bid/39924
- http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/
Affected products (1)
- cpe:2.3:a:avg:internet_security:9.0.791:*:*:*:*:*:*:*
More vulnerabilities in Avg Internet Security
- CVE-2024-6510 — High (CVSS 7.8): Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate…
- CVE-2014-9632 — High (CVSS 7.2): The TDI driver (avgtdix.sys) in AVG Internet Security before 2013.3495 Hot Fix 18 and 2015.x before 2015.5315 and…
- CVE-2017-5566 — Medium (CVSS 6.7): Code injection vulnerability in AVG Ultimate 17.1 (and earlier), AVG Internet Security 17.1 (and earlier), and AVG…
- CVE-2015-8578 — Medium (CVSS 6.4): AVG Internet Security 2015 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when…
All CVEs affecting Avg Internet Security →
Other CWE-362 (Race Condition) vulnerabilities
- CVE-2022-27626 — Critical (CVSS 10.0): A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition')…
- CVE-2015-8556 — Critical (CVSS 10.0): Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.
- CVE-2014-0703 — Critical (CVSS 10.0): Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distribute Aironet IOS software with a race condition…
- CVE-2010-1228 — Critical (CVSS 10.0): Multiple race conditions in the sandbox infrastructure in Google Chrome before 4.1.249.1036 have unspecified impact and…
- CVE-2008-6598 — Critical (CVSS 10.0): Multiple race conditions in WANPIPE before 3.3.6 have unknown impact and attack vectors related to "bri restart logic."
- CVE-2026-46137 — Critical (CVSS 9.8): In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ADD_ADDR rtx: fix potential…