CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7232 – Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7232
29 Jul 2024 — Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Service. By creating a symbolic link, an attacker can abuse the service to delete a folder. • https://www.zerodayinitiative.com/advisories/ZDI-24-1004 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7227 – Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7227
29 Jul 2024 — Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Service. By creating a symbolic link, an attacker can abuse the service to delete a file. • https://www.zerodayinitiative.com/advisories/ZDI-24-1003 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7233 – Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7233
29 Jul 2024 — Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Service. By creating a symbolic link, an attacker can abuse the service to delete a folder. • https://www.zerodayinitiative.com/advisories/ZDI-24-1005 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7228 – Avast Free Antivirus Link Following Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-7228
29 Jul 2024 — Avast Free Antivirus Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Service. By creating a symbolic link, an attacker can abuse the service to create a folder. • https://www.zerodayinitiative.com/advisories/ZDI-24-999 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-13657
https://notcve.org/view.php?id=CVE-2020-13657
29 Jun 2020 — An elevation of privilege vulnerability exists in Avast Free Antivirus and AVG AntiVirus Free before 20.4 due to improperly handling hard links. The vulnerability allows local users to take control of arbitrary files. Se presenta una vulnerabilidad de elevación de privilegios en Avast Free Antivirus y AVG AntiVirus Free versiones anteriores a 20.4, debido a un manejo inapropiado de los enlaces físicos. La vulnerabilidad permite a usuarios locales tomar el control de archivos arbitrarios • https://forum.avast.com/index.php?topic=232423.0 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-12572 – Avast Anti-Virus Local Credential Disclosure
https://notcve.org/view.php?id=CVE-2018-12572
10 Feb 2019 — Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive information by dumping AvastUI.exe application memory and parsing the data. Avast Free Antivirus, en versiones anteriores a la 19.1.2360, almacena credenciales de usuario en la memoria al iniciar sesión, lo que permite que los usuarios locales obtengan información sensible volcando la memoria de la aplicación AvastUI.exe y analizando los datos. Avast Anti-Virus versions prior to... • https://packetstorm.news/files/id/151590 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2017-5567
https://notcve.org/view.php?id=CVE-2017-5567
21 Mar 2017 — Code injection vulnerability in Avast Premier 12.3 (and earlier), Internet Security 12.3 (and earlier), Pro Antivirus 12.3 (and earlier), and Free Antivirus 12.3 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Avast process via a "DoubleAgent" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider... • http://cybellum.com/doubleagent-taking-full-control-antivirus • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.5EPSS: 0%CPEs: 42EXPL: 0CVE-2016-4025 – Avast! Sandbox Escape
https://notcve.org/view.php?id=CVE-2016-4025
19 Apr 2016 — Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security v11.x.x, Endpoint Protection v8.x.x, Endpoint Protection Plus v8.x.x, Endpoint Protection Suite v8.x.x, Endpoint Protection Suite Plus v8.x.x, File Server Security v8.x.x, and Email Server Security v8.x.x allow attackers to bypass the DeepScreen feature via a DeviceIoControl call. Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security ... • https://labs.nettitude.com/blog/escaping-avast-sandbox-using-single-ioctl-cve-2016-4025 • CWE-254: 7PK - Security Features •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 3CVE-2015-8620 – Avast 11.1.2245 Heap Overflow
https://notcve.org/view.php?id=CVE-2015-8620
21 Feb 2016 — Heap-based buffer overflow in the Avast virtualization driver (aswSnx.sys) in Avast Internet Security, Pro Antivirus, Premier, and Free Antivirus before 11.1.2253 allows local users to gain privileges via a Unicode file path in an IOCTL request. Desbordamiento de buffer basado en memoria dinámica en el controlador de virtualización de Avast (aswSnx.sys) en Avast Internet Security, Pro Antivirus, Premier y Free Antivirus en versiones anteriores a 11.1.2253 permite a usuarios locales obtener privilegios a tra... • http://packetstormsecurity.com/files/135859/Avast-11.1.2245-Heap-Overflow.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 5%CPEs: 1EXPL: 2CVE-2010-3126 – Avast! 5.0.594 - 'mfc90loc.dll' License Files DLL Hijacking
https://notcve.org/view.php?id=CVE-2010-3126
26 Aug 2010 — Untrusted search path vulnerability in avast! Free Antivirus version 5.0.594 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc90loc.dll that is located in the same folder as an avast license (.avastlic) file. Vulnerabilidad de búsqueda en ruta no confiable en avast! Free Antivirus v5.0.594 y anteriores, permite a usuarios locales y posiblemente atacantes remotos, la ejecución de código de su elección y llevar a c... • https://www.exploit-db.com/exploits/14743 •