CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7233 – Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7233
Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. ... This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-24-1005 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-42052
https://notcve.org/view.php?id=CVE-2024-42052
A local user can exploit this to escalate privileges to SYSTEM by placing a wevtutil.exe file in the folder. • https://github.com/SpacePlant/Vulns/blob/main/Advisories/2024/1.md https://support-splashtopbusiness.splashtop.com/hc/en-us/articles/15813655496603-Splashtop-Streamer-version-v3-5-8-0-for-Windows-released •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-42051
https://notcve.org/view.php?id=CVE-2024-42051
A local user can exploit this to escalate privileges to SYSTEM by replacing InstRegExp.reg. • https://github.com/SpacePlant/Vulns/blob/main/Advisories/2024/3.md https://support-splashtopbusiness.splashtop.com/hc/en-us/articles/20716875636763-Splashtop-Streamer-version-v3-6-2-0-for-Windows-released • CWE-1391: Use of Weak Credentials •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-42053
https://notcve.org/view.php?id=CVE-2024-42053
A local user can exploit this to escalate privileges to SYSTEM by placing a version.dll file in the folder. • https://github.com/SpacePlant/Vulns/blob/main/Advisories/2024/2.md https://support-splashtopbusiness.splashtop.com/hc/en-us/articles/18223802896539-Splashtop-Streamer-version-v3-6-0-0-for-Windows-released • CWE-276: Incorrect Default Permissions •
CVSS: 7.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-42050
https://notcve.org/view.php?id=CVE-2024-42050
A local user can exploit this to escalate privileges to SYSTEM via an oplock on CredProvider_Inst.reg. • https://github.com/SpacePlant/Vulns/blob/main/Advisories/2024/4.md https://support-splashtopbusiness.splashtop.com/hc/en-us/articles/25584410412571--Splashtop-Streamer-version-v3-7-0-0-for-Windows-released • CWE-269: Improper Privilege Management •