Free Antivirus
CVE-2017-5567
MEDIUM
Severity by source
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Code injection vulnerability in Avast Premier 12.3 (and earlier), Internet Security 12.3 (and earlier), Pro Antivirus 12.3 (and earlier), and Free Antivirus 12.3 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Avast process via a "DoubleAgent" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack.
AnalysisAI
Code injection vulnerability in Avast Premier 12.3 (and earlier), Internet Security 12.3 (and earlier), Pro Antivirus 12.3 (and earlier), and Free Antivirus 12.3 (and earlier) allows a local attacker. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-427. Code injection vulnerability in Avast Premier 12.3 (and earlier), Internet Security 12.3 (and earlier), Pro Antivirus 12.3 (and earlier), and Free Antivirus 12.3 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Avast process via a "DoubleAgent" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack. Affected products include: Avast Free Antivirus, Avast Internet Security, Avast Premier, Avast Pro Antivirus.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Free Antivirus
View allAn issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. Rated critical severity (CVSS 9.8), this vulnerab
Avira Free Antivirus 15.0.1907.1514 is prone to a local privilege escalation through the execution of kernel code from a
Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), t
Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), t
Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), t
Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security v11.x
Avast Free Antivirus Link Following Denial-of-Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerabilit
An elevation of privilege vulnerability exists in Avast Free Antivirus and AVG AntiVirus Free before 20.4 due to imprope
Avira Free Antivirus through 15.0.2005.1866 allows local users to discover user credentials. Rated medium severity (CVSS
Same weakness CWE-427 – Uncontrolled Search Path Element
View allShare
External POC / Exploit Code
Leaving vuln.today