Vulnerabilities > CVE-2017-8307 - Unspecified vulnerability in Avast Antivirus

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

avast

critical

NVD

Published: 2017-04-27

Updated: 2019-10-03

Summary

In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows service, it is possible to launch predefined binaries, or replace or delete arbitrary files. This vulnerability is exploitable by any unprivileged user when Avast Self-Defense is disabled. It is also exploitable in conjunction with CVE-2017-8308 when Avast Self-Defense is enabled. The vulnerability allows for Denial of Service attacks and hiding traces of a possible attack.

Vulnerable Configurations

Part	Description	Count
Application	Avast Avast Antivirus 8.0.1489 Avast Antivirus 8.0.1497 Avast Antivirus 8.0.1500 Avast Antivirus 8.0.1501 Avast Antivirus 8.0.1504 Avast Antivirus 8.0.1506 Avast Antivirus 12.1.2272 Avast Antivirus 12.2.2276 Avast Antivirus 12.3.2279	9

Summary

Vulnerable Configurations

References