Vulnerabilities for Premium security (...) - CXSECURITY.COM

Vulnerabilities for 'Premium security'

2022-05-20

CVE-2022-28965

NVD-CWE-noinfo

Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Premium Security before v21.11.2500 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted DLL file.

2021-03-29

CVE-2021-27241

CWE-59

This vulnerability allows local attackers to delete arbitrary directories on affected installations of Avast Premium Security 20.8.2429 (Build 20.8.5653.561). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AvastSvc.exe module. By creating a directory junction, an attacker can abuse the service to delete a directory. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-12082.

2020-01-13

CVE-2019-18894

CWE-78

In Avast Premium Security 19.8.2393, attackers can send a specially crafted request to the local web server run by Avast Antivirus on port 27275 to support Bank Mode functionality. A flaw in the processing of a command allows execution of arbitrary OS commands with the privileges of the currently logged in user. This allows for example attackers who compromised a browser extension to escape from the browser sandbox.

>>> Vendor: Avast 32 Products

Avast antivirus

Avast antivirus home

Avast antivirus professional

Avast antivirus free

Avast! mobile security

Avast free antivirus

Avast internet security

Avast pro antivirus

Business security

Email server security

Endpoint protection

Endpoint protection plus

Endpoint protection suite

Endpoint protection suite plus

File server security

Internet security

Premium security

Antivirus for linux

Antivirus pro plus

Copyright 2024, cxsecurity.com