Skip to main content

Antivirus CVE-2024-5102

HIGH
Improper Validation of Specified Quantity in Input (CWE-1284)
2024-06-10 security@nortonlifelock.com
7.3
CVSS 4.0 · Vendor: nortonlifelock
Share

Severity by source

Vendor (nortonlifelock) PRIMARY
7.3 HIGH
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (nortonlifelock) · only source for this CVE.

CVSS VectorVendor: nortonlifelock

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
A
Scope
X

Lifecycle Timeline

1
CVE Published
Jun 10, 2024 - 17:16 cve.org
HIGH 7.3

DescriptionCVE.org

A sym-linked file accessed via the repair function in Avast Antivirus <24.2 on Windows may allow user to elevate privilege to delete arbitrary files or run processes as NT AUTHORITY\SYSTEM. The vulnerability exists within the "Repair" (settings -> troubleshooting -> repair) feature, which attempts to delete a file in the current user's AppData directory as NT AUTHORITY\SYSTEM. A low-privileged user can make a pseudo-symlink and a junction folder and point to a file on the system. This can provide a low-privileged user an Elevation of Privilege to win a race-condition which will re-create the system files and make Windows callback to a specially-crafted file which could be used to launch a privileged shell instance.

This issue affects Avast Antivirus prior to 24.2.

AnalysisAI

A sym-linked file accessed via the repair function in Avast Antivirus <24.2 on Windows may allow user to elevate privilege to delete arbitrary files or run processes as NT AUTHORITY\SYSTEM. Rated high severity (CVSS 7.3). No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-1284. A sym-linked file accessed via the repair function in Avast Antivirus <24.2 on Windows may allow user to elevate privilege to delete arbitrary files or run processes as NT AUTHORITY\SYSTEM. The vulnerability exists within the "Repair" (settings -> troubleshooting -> repair) feature, which attempts to delete a file in the current user's AppData directory as NT AUTHORITY\SYSTEM. A low-privileged user can make a pseudo-symlink and a junction folder and point to a file on the system. This can provide a low-privileged user an Elevation of Privilege to win a race-condition which will re-create the system files and make Windows callback to a specially-crafted file which could be used to launch a privileged shell instance.2. Affected products include: Avast Antivirus. Version information: prior to 24.2..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2012-1461 MEDIUM
4.3 Mar 21

The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5

CVE-2012-1459 MEDIUM
4.3 Mar 21

The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7,

CVE-2012-1457 MEDIUM
4.3 Mar 21

The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast!. Rated medium severity (CVSS 4.3), t

CVE-2012-1443 MEDIUM
4.3 Mar 21

The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVir

CVE-2017-8307 CRITICAL POC
9.8 Apr 27

In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows service, it is possible t

CVE-2017-17701 CRITICAL POC
9.8 Dec 15

K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025c8 DeviceIoControl request

CVE-2017-17700 CRITICAL POC
9.8 Dec 15

K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025a4 DeviceIoControl request

CVE-2017-17699 CRITICAL POC
9.8 Dec 15

K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025ac DeviceIoControl request

CVE-2017-17465 CRITICAL POC
9.8 Dec 08

K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002574 DeviceIoControl request

CVE-2017-17464 CRITICAL POC
9.8 Dec 08

K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002570 DeviceIoControl request

CVE-2020-10867 CRITICAL POC
9.8 Apr 01

An issue was discovered in Avast Antivirus before 20. Rated critical severity (CVSS 9.8), this vulnerability is remotely

CVE-2021-45337 HIGH POC
8.8 Dec 27

Privilege escalation vulnerability in the Self-Defense driver of Avast Antivirus prior to 20.8 allows a local user with

Share

CVE-2024-5102 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy