Vulnerability CVE-2017-6417

Published: 2017-03-21

Code injection vulnerability in Avira Total Security Suite 15.0 (and earlier), Optimization Suite 15.0 (and earlier), Internet Security Suite 15.0 (and earlier), and Free Security Suite 15.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Avira process via a "DoubleAgent" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack.

Vendor: Avira
Product: Free security suite
Version: 15.0
Product: Total security suite
Version: 15.0
Product: Optimization suite
Version: 15.0
Product: Internet security suite
Version: 15.0

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)


Related CVE
An issue was discovered in Avira Free Security Suite 10. The permissive access rights on the SoftwareUpdater folder (files / folders and configuration) are incompatible with the privileged file manipulation performed by the product. Files can be crea...
Avira Antivirus engine versions before allow remote code execution as NT AUTHORITY\SYSTEM via a section header with a very large relative virtual address in a PE file, causing an integer overflow and heap-based buffer underflow.
The Avira Mobile Security app before 1.5.11 for iOS sends sensitive login information in cleartext.
Use-after-free vulnerability in the Update Manager service in Avira Management Console allows remote attackers to execute arbitrary code via a large header.
The Avira Secure Backup (aka com.avira.avirabackup) application 1.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificat...
** DISPUTED ** Race condition in Avira Premium Security Suite on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based ...
The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir, Antiy Labs AVL SDK, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, Clam...
The TAR file parser in Avira AntiVir, Antiy Labs AVL SDK, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus, Emsi...
