Vulnerability CVE-2017-6417

Published: 2017-03-21

Code injection vulnerability in Avira Total Security Suite 15.0 (and earlier), Optimization Suite 15.0 (and earlier), Internet Security Suite 15.0 (and earlier), and Free Security Suite 15.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Avira process via a "DoubleAgent" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack.

Vendor: Avira
Product: Free security suite
Version: 15.0
Product: Total security suite
Version: 15.0
Product: Optimization suite
Version: 15.0
Product: Internet security suite
Version: 15.0

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

Related CVE
Avira Antivirus engine versions before allow remote code execution as NT AUTHORITY\SYSTEM via a section header with a very large relative virtual address in a PE file, causing an integer overflow and heap-based buffer underflow.
The Avira Mobile Security app before 1.5.11 for iOS sends sensitive login information in cleartext.
Use-after-free vulnerability in the Update Manager service in Avira Management Console allows remote attackers to execute arbitrary code via a large header.
The Avira Secure Backup (aka com.avira.avirabackup) application 1.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificat...
** DISPUTED ** Race condition in Avira Premium Security Suite on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based ...
The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir, Antiy Labs AVL SDK, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, Clam...
The TAR file parser in Avira AntiVir, Antiy Labs AVL SDK, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus, Emsi...
The RAR file parser in ClamAV 0.96.4, Rising Antivirus, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus, Ikarus Virus Utilities T3 Command Li...
