Vulnerabilities > AVG > Critical

DATE CVE VULNERABILITY TITLE RISK
2014-07-08 CVE-2014-2956 Permissions, Privileges, and Access Controls vulnerability in AVG Safeguard and Secure Search Toolbar
ScriptHelperApi in the AVG ScriptHelper ActiveX control in ScriptHelper.exe in AVG Secure Search toolbar before 18.1.7.598 and AVG Safeguard before 18.1.7.644 does not implement domain-based access control for method calls, which allows remote attackers to trigger the downloading and execution of arbitrary programs via a crafted web site.
network
avg CWE-264
critical
9.3
2009-05-22 CVE-2009-1784 Improper Input Validation vulnerability in AVG Anti-Virus
The AVG parsing engine 8.5 323, as used in multiple AVG anti-virus products including Anti-Virus Network Edition, Internet Security Netzwerk Edition, Server Edition für Linux/FreeBSD, Anti-Virus SBS Edition, and others allows remote attackers to bypass malware detection via a crafted (1) RAR and (2) ZIP archive.
network
low complexity
avg CWE-20
critical
10.0
2008-12-12 CVE-2008-5530 Improper Input Validation vulnerability in multiple products
Ewido Security Suite 4.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
network
avg ewido microsoft CWE-20
critical
9.3
2008-12-12 CVE-2008-5522 Improper Input Validation vulnerability in AVG Antivirus 8.0.0.161
AVG Anti-Virus 8.0.0.161, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
network
avg microsoft CWE-20
critical
9.3