CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2017-6417
https://notcve.org/view.php?id=CVE-2017-6417
21 Mar 2017 — Code injection vulnerability in Avira Total Security Suite 15.0 (and earlier), Optimization Suite 15.0 (and earlier), Internet Security Suite 15.0 (and earlier), and Free Security Suite 15.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Avira process via a "DoubleAgent" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary ... • http://cybellum.com/doubleagent-taking-full-control-antivirus • CWE-427: Uncontrolled Search Path Element •
CVSS: 9.8EPSS: 81%CPEs: 33EXPL: 1CVE-2007-2864 – CA Multiple Product AV Engine CAB Header Parsing Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-2864
05 Jun 2007 — Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file. Desbordamiento de búfer basado en pila en el motor antivirus anterior a la actualización de contenido 30.6 de múltiples productos CA (antiguamente Computer Associates) permite a atacantes remotos ejecutar código de su elección mediante un valor largo no válido d... • https://www.exploit-db.com/exploits/16677 •