CVE-2010-3126 - Unspecified vulnerability in Avast Antivirus Free 5.0.594

CVSS 9.3 - CRITICAL
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, avast, critical, exploit available

Summary

Untrusted search path vulnerability in avast! Free Antivirus version 5.0.594 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc90loc.dll that is located in the same folder as an avast license (.avastlic) file. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426 - Untrusted Search Path Vulnerability'

Vulnerable Configurations

Part | Description | Count
Application | Avast | 1

Exploit-Db

description: avast! <= 5.0.594 license files DLL Hijacking Exploit (mfc90loc.dll). CVE-2010-3126. Local exploit for windows platform
file: exploits/windows/local/14743.c
id: EDB-ID:14743
last seen: 2016-02-01
modified: 2010-08-25
platform: windows
port:
published: 2010-08-25
reporter: diwr
source: https://www.exploit-db.com/download/14743/
title: avast! <= 5.0.594 license files DLL Hijacking Exploit mfc90loc.dll
type: local

Oval

accepted: 2011-08-22T04:02:11.430-04:00
class: vulnerability
contributors:
  • name: SecPod Team
    organization: SecPod Technologies
  • name: Shane Shaffer
    organization: G2, Inc.
definition_extensions:
  comment: Avast! AntiVirus for Windows is installed
  oval: oval:org.mitre.oval:def:6558
description: Untrusted search path vulnerability in avast! Free Antivirus version 5.0.594 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc90loc.dll that is located in the same folder as an avast license (.avastlic) file.
family: windows
id: oval:org.mitre.oval:def:7193
status: accepted
submitted: 2010-09-23T14:44:35
title: Untrusted search path vulnerability via a Trojan horse mfc90loc.dll in avast! Free Antivirus version less than or equal to 5.0.594
version: 7