|CVSS SCORE||9.3, (AV:N/AC:M/Au:N/C:C/I:C/A:C)|
The specific flaw exists within the handling of HTTP headers by the Update Manager service. By sending overly large headers, an attacker is able to cause memory to be reused after it has been released. An attacker could leverage this to execute arbitrary code under the context of SYSTEM.
09/03/2015 - ZDI emailed Avira contact and requested contact
-- Vendor Patch: