CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-8308
https://notcve.org/view.php?id=CVE-2017-8308
In Avast Antivirus before v17, an unprivileged user (and thus malware or a virus) can mark an arbitrary process as Trusted from the perspective of the Avast product. This bypasses the Self-Defense feature of the product, opening a door to subsequent attack on many of its components. En Avast Antivirus anteriores a v17, un usuario no privilegiado puede marcar un proceso arbitrario como Trusted desde la perspectiva del producto Avast. Esto evita la característica de Self-Defense del producto, abriendo una puerta a un ataque posterior en muchos de sus componentes. • http://www.securityfocus.com/bid/98084 https://www.trustwave.com/Resources/Security-Advisories/Advisories/Multiple-Vulnerabilities-in-Avast-Antivirus/?fid=9201 • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2017-8307
https://notcve.org/view.php?id=CVE-2017-8307
In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows service, it is possible to launch predefined binaries, or replace or delete arbitrary files. This vulnerability is exploitable by any unprivileged user when Avast Self-Defense is disabled. It is also exploitable in conjunction with CVE-2017-8308 when Avast Self-Defense is enabled. The vulnerability allows for Denial of Service attacks and hiding traces of a possible attack. En Avast Antivirus versiones anteriores a v17, utilizando el API de interfaz LPC expuesto por el servicio AvastSVC.exe de Windows, es posible iniciar binarios predefinidos o reemplazar o eliminar archivos arbitrarios. • http://www.securityfocus.com/bid/98086 https://www.trustwave.com/Resources/Security-Advisories/Advisories/Multiple-Vulnerabilities-in-Avast-Antivirus/?fid=9201 •