Vulnerabilities > CVE-2009-2761 - Local Security vulnerability in Antivir Security Suite

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

avira

NVD

Published: 2009-08-13

Updated: 2017-08-17

Summary

Unquoted Windows search path vulnerability in the scheduler (sched.exe) in Avira AntiVir, AntiVir Premium, Premium Security Suite, and AntiVir Professional might allow local users to gain privileges via a malicious antivir.exe file in the "C:\Program Files\avira\" directory.

Vulnerable Configurations

Part	Description	Count
Application	Avira Avira Antivir * Avira Antivir - Avira Antivir Security Suite -	4

References

http://archives.neohapsis.com/archives/bugtraq/2009-01/0146.html
http://blog.zoller.lu/2009/01/tzo-2009-2-avira-antivir-priviledge.html
http://www.osvdb.org/55647
http://www.vupen.com/english/advisories/2008/3130
https://exchange.xforce.ibmcloud.com/vulnerabilities/46568