CVE-2023-1585
https://notcve.org/view.php?id=CVE-2023-1585
Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the Quarantine process, leading to arbitrary file/directory deletion. The issue was fixed with Avast and AVG Antivirus version 22.11 and virus definitions from 14 February 2023 or later. • https://support.norton.com/sp/static/external/tools/security-advisories.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2022-4294 – Norton, Avira, Avast and AVG Antivirus for Windows Privilege Escalation
https://notcve.org/view.php?id=CVE-2022-4294
Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. • https://support.norton.com/sp/static/external/tools/security-advisories.html • CWE-269: Improper Privilege Management •
CVE-2022-4173 – Avast and AVG Antivirus for Windows vulnerable to Privilege Escalation
https://notcve.org/view.php?id=CVE-2022-4173
A vulnerability within the malware removal functionality of Avast and AVG Antivirus allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avast and AVG Antivirus version 22.10. Una vulnerabilidad dentro de la funcionalidad de eliminación de malware de Avast y AVG Antivirus permitió a un atacante con acceso de escritura al sistema de archivos aumentar sus privilegios en ciertos escenarios. El problema se solucionó con Avast y AVG Antivirus versión 22.10. • https://support.norton.com/sp/static/external/tools/security-advisories.html • CWE-269: Improper Privilege Management •
CVE-2021-45339
https://notcve.org/view.php?id=CVE-2021-45339
Privilege escalation vulnerability in Avast Antivirus prior to 20.4 allows a local user to gain elevated privileges by "hollowing" trusted process which could lead to the bypassing of Avast self-defense. Una vulnerabilidad de escalada de privilegios en Avast Antivirus versiones anteriores a 20.4, permite a un usuario local alcanzar privilegios elevados al "vaciar" los procesos confiables, lo que podría conllevar a una omisión de la autodefensa de Avast • https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST0 https://www.avast.com/hacker-hall-of-fame/en/researcher-david-eade-reports-antitrack-bug-to-avast-0 • CWE-863: Incorrect Authorization •
CVE-2021-45338
https://notcve.org/view.php?id=CVE-2021-45338
Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to gain elevated privileges by calling unnecessarily powerful internal methods of the main antivirus service which could lead to the (1) arbitrary file delete, (2) write and (3) reset security. Múltiples vulnerabilidades de escalada de privilegios en Avast Antivirus versiones anteriores a 20.4, permiten a un usuario local alcanzar privilegios elevados al llamar a métodos internos innecesariamente potentes del servicio antivirus principal, lo que podría conllevar el (1) borrado arbitrario de archivos, (2) escritura y (3) restablecimiento de la seguridad • https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST1.1 https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST1.2 https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST1.3 https://www.avast.com/hacker-hall-of-fame/en/researcher-david-eade-reports-antitrack-bug-to-avast-0 •