Vulnerabilities > CVE-2020-10865 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in Avast Antivirus

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

avast

CWE-829

NVD

Published: 2020-04-01

Updated: 2020-04-02

Summary

An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to make arbitrary changes to the Components section of the Stats.ini file via RPC from a Low Integrity process.

Vulnerable Configurations

Part	Description	Count
Application	Avast Avast Antivirus 8.0.1489 Avast Antivirus 8.0.1497 Avast Antivirus 8.0.1500 Avast Antivirus 8.0.1501 Avast Antivirus 8.0.1504 Avast Antivirus 8.0.1506 Avast Antivirus 12.1.2272 Avast Antivirus 12.2.2276 Avast Antivirus 12.3.2279 Avast Antivirus 17.1.2286 Avast Antivirus 17.2.2288 Avast Antivirus 17.3.2290 Avast Antivirus 17.3.2291 Avast Antivirus 17.4.2294 Avast Antivirus 17.5.2302 Avast Antivirus 17.6.2310 Avast Antivirus 17.7.2314 Avast Antivirus 17.8.2318 Avast Antivirus 17.9.2322 Avast Antivirus 18.1.2326 Avast Antivirus 18.2.2328 Avast Antivirus 18.3.2333 Avast Antivirus 18.4.2338 Avast Antivirus 18.5.2342 Avast Antivirus 18.6.2349 Avast Antivirus 18.7.2354 Avast Antivirus 18.8.2356 Avast Antivirus 19.1 Avast Antivirus 19.3.2369 Avast Antivirus 19.4 Avast Antivirus 19.4.2374 Avast Antivirus 19.5.2378 Avast Antivirus 19.6.2383 Avast Antivirus 19.7 Avast Antivirus 19.7.2388 Avast Antivirus 19.8 Avast Antivirus 19.8.2393	39
OS	Microsoft Microsoft Windows -	1

Common Weakness Enumeration (CWE)

CWE-829 - Inclusion of Functionality from Untrusted Control Sphere

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References