A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (input/output control) requests. This TOCTOU bug leads to an out-of-bounds write vulnerability which can be further exploited, allowing an attacker to gain full local privilege escalation on the system.This issue affects Avast/Avg Antivirus: 23.8.
Max CVSS
8.2
EPSS Score
0.04%
Published
2023-11-08
Updated
2023-11-16
Avast and AVG Antivirus for Windows were susceptible to a NULL pointer dereference issue via RPC-interface. The issue was fixed with Avast and AVG Antivirus version 22.11
Max CVSS
5.8
EPSS Score
0.04%
Published
2023-04-19
Updated
2023-04-29
Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the restore process leading to arbitrary file creation. The issue was fixed with Avast and AVG Antivirus version 22.11
Max CVSS
6.5
EPSS Score
0.04%
Published
2023-04-19
Updated
2023-05-01
Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the Quarantine process, leading to arbitrary file/directory deletion. The issue was fixed with Avast and AVG Antivirus version 22.11 and virus definitions from 14 February 2023 or later.
Max CVSS
6.5
EPSS Score
0.04%
Published
2023-04-19
Updated
2023-05-01
Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Premium Security before v21.11.2500 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted DLL file.
Max CVSS
6.5
EPSS Score
0.04%
Published
2022-05-20
Updated
2022-05-26
An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 (build 21.11.6809.528) allows attackers to cause a Denial of Service (DoS) via a crafted DLL file.
Max CVSS
7.1
EPSS Score
0.06%
Published
2022-05-20
Updated
2022-06-02
Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-01-10
Updated
2023-01-14
The aswjsflt.dll library from Avast Antivirus windows contained a potentially exploitable heap corruption vulnerability that could enable an attacker to bypass the sandbox of the application it was loaded into, if applicable. This issue was fixed in version 18.0.1478 of the Script Shield Component.
Max CVSS
10.0
EPSS Score
0.17%
Published
2022-12-08
Updated
2023-06-27
A vulnerability within the malware removal functionality of Avast and AVG Antivirus allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avast and AVG Antivirus version 22.10.
Max CVSS
8.8
EPSS Score
0.09%
Published
2022-12-06
Updated
2022-12-07
Privilege escalation vulnerability in Avast Antivirus prior to 20.4 allows a local user to gain elevated privileges by "hollowing" trusted process which could lead to the bypassing of Avast self-defense.
Max CVSS
7.8
EPSS Score
0.04%
Published
2021-12-27
Updated
2022-07-12
Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to gain elevated privileges by calling unnecessarily powerful internal methods of the main antivirus service which could lead to the (1) arbitrary file delete, (2) write and (3) reset security.
Max CVSS
7.8
EPSS Score
0.04%
Published
2021-12-27
Updated
2022-07-12
Privilege escalation vulnerability in the Self-Defense driver of Avast Antivirus prior to 20.8 allows a local user with SYSTEM privileges to gain elevated privileges by "hollowing" process wsc_proxy.exe which could lead to acquire antimalware (AM-PPL) protection.
Max CVSS
8.8
EPSS Score
0.04%
Published
2021-12-27
Updated
2022-07-12
Privilege escalation vulnerability in the Sandbox component of Avast Antivirus prior to 20.4 allows a local sandboxed code to gain elevated privileges by using system IPC interfaces which could lead to exit the sandbox and acquire SYSTEM privileges.
Max CVSS
8.8
EPSS Score
0.05%
Published
2021-12-27
Updated
2022-07-12
Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by local user to control the outcome of scans, and therefore evade detection or delete arbitrary system files.
Max CVSS
8.8
EPSS Score
0.04%
Published
2021-12-27
Updated
2022-01-07
This vulnerability allows local attackers to delete arbitrary directories on affected installations of Avast Premium Security 20.8.2429 (Build 20.8.5653.561). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AvastSvc.exe module. By creating a directory junction, an attacker can abuse the service to delete a directory. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-12082.
Max CVSS
6.1
EPSS Score
0.05%
Published
2021-03-29
Updated
2021-04-01
The VPN service in AVAST SecureLine before 5.6.4982.470 allows local users to write to arbitrary files via an Object Manager symbolic link from the log directory (which has weak permissions).
Max CVSS
5.5
EPSS Score
0.04%
Published
2020-09-13
Updated
2020-09-17
An issue was discovered in retdec v3.3. In function canSplitFunctionOn() of ir_modifications.cpp, there is a possible out of bounds read due to a heap buffer overflow. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution.
Max CVSS
9.8
EPSS Score
0.30%
Published
2021-04-21
Updated
2021-04-26
Buffer Overflow vulnerability in Avast AntiVirus before v.19.7 allows a local attacker to cause a denial of service via a crafted request to the aswSnx.sys driver.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-07-11
Updated
2023-07-18
An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An entered password continues to be stored in Windows main memory after a logout, and after a Lock Vault operation.
Max CVSS
5.5
EPSS Score
0.04%
Published
2020-09-10
Updated
2021-07-21
An elevation of privilege vulnerability exists in Avast Free Antivirus and AVG AntiVirus Free before 20.4 due to improperly handling hard links. The vulnerability allows local users to take control of arbitrary files.
Max CVSS
5.5
EPSS Score
0.04%
Published
2020-06-29
Updated
2021-07-21
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to launch the Repair App RPC call from a Low Integrity process.
Max CVSS
7.5
EPSS Score
0.15%
Published
2020-04-01
Updated
2021-07-21
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to bypass intended access restrictions on tasks from an untrusted process, when Self Defense is enabled.
Max CVSS
9.8
EPSS Score
0.42%
Published
2020-04-01
Updated
2020-04-02
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to enumerate the network interfaces and access points from a Low Integrity process via RPC.
Max CVSS
7.5
EPSS Score
0.22%
Published
2020-04-01
Updated
2020-04-02
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to make arbitrary changes to the Components section of the Stats.ini file via RPC from a Low Integrity process.
Max CVSS
7.5
EPSS Score
0.15%
Published
2020-04-01
Updated
2020-04-02
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to trigger a reboot via RPC from a Low Integrity process.
Max CVSS
6.5
EPSS Score
0.18%
Published
2020-04-01
Updated
2021-07-21
57 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!