Vulnerability CVE-2019-11230


Published: 2019-07-18

Description:
In Avast Antivirus before 19.4, a local administrator can trick the product into renaming arbitrary files by replacing the Logs\Update.log file with a symlink. The next time the product attempts to write to the log file, the target of the symlink is renamed. This defect can be exploited to rename a critical product file (e.g., AvastSvc.exe), causing the product to fail to start on the next system restart.

Type: CWE-59 (Improper Link Resolution Before File Access ('Link Following'))

Vendor: Avast
Product: Antivirus 
Version:
8.0.1506
8.0.1504
8.0.1501
8.0.1500
8.0.1497
8.0.1489
19.1
18.8.2356
18.7.2354
18.6.2349
18.5.2342
18.4.2338
18.3.2333
18.2.2328
18.1.2326
17.9.2322
17.8.2318
17.7.2314
17.6.2310
17.5.2302
17.4.2294
17.3.2291
17.3.2290
17.2.2288
17.1.2286
12.3.2279
12.2.2276
12.1.2272

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:P/A:P)

CVSS Base Score: 3.6/10
Impact Subscore: 4.9/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: Partial

 References:
http://www.mcerlane.co.uk/CVE-2019-11230/
http://www.securityfocus.com/bid/109344

Related CVE
CVE-2018-12572
Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive information by dumping AvastUI.exe application memory and parsing the data.
CVE-2017-8308
In Avast Antivirus before v17, an unprivileged user (and thus malware or a virus) can mark an arbitrary process as Trusted from the perspective of the Avast product. This bypasses the Self-Defense feature of the product, opening a door to subsequent ...
CVE-2017-8307
In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows service, it is possible to launch predefined binaries, or replace or delete arbitrary files. This vulnerability is exploitable by any unprivileged user whe...
CVE-2017-5567
Code injection vulnerability in Avast Premier 12.3 (and earlier), Internet Security 12.3 (and earlier), Pro Antivirus 12.3 (and earlier), and Free Antivirus 12.3 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbi...
CVE-2016-4025
Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security v11.x.x, Endpoint Protection v8.x.x, Endpoint Protection Plus v8.x.x, Endpoint Protection Suite v8.x.x, Endpoint Protection Suite Plus ...
CVE-2015-8620
Heap-based buffer overflow in the Avast virtualization driver (aswSnx.sys) in Avast Internet Security, Pro Antivirus, Premier, and Free Antivirus before 11.1.2253 allows local users to gain privileges via a Unicode file path in an IOCTL request.
CVE-2016-3986
Avast allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted PE file, related to authenticode parsing.
CVE-2015-5662
Directory traversal vulnerability in Avast before 150918-0 allows remote attackers to delete or write to arbitrary files via a crafted entry in a ZIP archive.

Copyright 2019, cxsecurity.com

 
