1 results (0.001 seconds)
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-17190 – Avast Secure Browser 76.0.1659.101 Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2019-17190
27 Jan 2020 — A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe (which is running as NT AUTHORITY\SYSTEM) when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, the elevated process cleans the ACL of the Update.ini file in %PROGRAMDATA%\Avast Software\Browser\Update\ and sets all privileges to group Everyone. Because any low-privileged user can create, delete, or modify the... • http://packetstormsecurity.com/files/156844/Avast-Secure-Browser-76.0.1659.101-Local-Privilege-Escalation.html • CWE-863: Incorrect Authorization •