Vulnerabilities for 'Secure browser'
2020-01-27
CVE-2019-17190
CWE-269
A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe (which is running as NT AUTHORITY\SYSTEM) when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, the elevated process cleans the ACL of the Update.ini file in %PROGRAMDATA%\Avast Software\Browser\Update\ and sets all privileges to group Everyone. Because any low-privileged user can create, delete, or modify the Update.ini file stored in this location, an attacker with low privileges can create a hard link named Update.ini in this folder, and make it point to a file writable by NT AUTHORITY\SYSTEM. Once AvastBrowserUpdate.exe is triggered by the update check functionality, the DACL is set to a misconfigured value on the crafted Update.ini and, consequently, to the target file that was previously not writable by the low-privileged attacker.
2020-01-13
CVE-2019-18893
CWE-79
XSS in the Video Downloader component before 1.5 of Avast Secure Browser 77.1.1831.91 and AVG Secure Browser 77.0.1790.77 allows websites to execute their code in the context of this component. While Video Downloader is technically a browser extension, it is granted a very wide set of privileges and can for example access cookies and browsing history, spy on the user while they are surfing the web, and alter their surfing experience in almost arbitrary ways.
Vendor: Avast (32 products)
Avast antivirus
Antivirus
Avg antivirus
Avast antivirus home
Avast antivirus professional
Internet security
Endpoint protection
Avast antivirus free
Avast! mobile security
Antivirus pro
Avast free antivirus
Avast internet security
Avast premier
Avast pro antivirus
Avast
Business security
Email server security
Endpoint protection plus
Endpoint protection suite
Endpoint protection suite plus
File server security
Free antivirus
Premier
Pro antivirus
Premium security
Secure browser
Antivirus for linux
Antivirus pro plus
Antitrack
Avg antitrack
Secureline vpn
Retdec
Copyright 2024, cxsecurity.com