RSS   Vulnerabilities for 'Antivirus'   RSS

2019-07-18
 
CVE-2019-11230

CWE-59
 

 
In Avast Antivirus before 19.4, a local administrator can trick the product into renaming arbitrary files by replacing the Logs\Update.log file with a symlink. The next time the product attempts to write to the log file, the target of the symlink is renamed. This defect can be exploited to rename a critical product file (e.g., AvastSvc.exe), causing the product to fail to start on the next system restart.

 
2017-04-27
 
CVE-2017-8308

 

 
In Avast Antivirus before v17, an unprivileged user (and thus malware or a virus) can mark an arbitrary process as Trusted from the perspective of the Avast product. This bypasses the Self-Defense feature of the product, opening a door to subsequent attack on many of its components.

 
 
CVE-2017-8307

 

 
In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows service, it is possible to launch predefined binaries, or replace or delete arbitrary files. This vulnerability is exploitable by any unprivileged user when Avast Self-Defense is disabled. It is also exploitable in conjunction with CVE-2017-8308 when Avast Self-Defense is enabled. The vulnerability allows for Denial of Service attacks and hiding traces of a possible attack.

 

 >>> Vendor: Avast 22 Products
Avast antivirus
Avast antivirus home
Avast antivirus professional
Avast antivirus free
Avast! mobile security
Avast free antivirus
Avast internet security
Avast premier
Avast pro antivirus
Avast
Business security
Email server security
Endpoint protection
Endpoint protection plus
Endpoint protection suite
Endpoint protection suite plus
File server security
Free antivirus
Internet security
Premier
Pro antivirus
Antivirus


Copyright 2019, cxsecurity.com

 

Back to Top