Vulnerability Description
In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows service, it is possible to launch predefined binaries, or replace or delete arbitrary files. This vulnerability is exploitable by any unprivileged user when Avast Self-Defense is disabled. It is also exploitable in conjunction with CVE-2017-8308 when Avast Self-Defense is enabled. The vulnerability allows for Denial of Service attacks and hiding traces of a possible attack.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Avast | Antivirus | <= 12.3.2279 |
References
- http://www.securityfocus.com/bid/98086Third Party AdvisoryVDB Entry
- https://www.trustwave.com/Resources/Security-Advisories/Advisories/Multiple-VulnExploitTechnical DescriptionThird Party Advisory
- http://www.securityfocus.com/bid/98086Third Party AdvisoryVDB Entry
- https://www.trustwave.com/Resources/Security-Advisories/Advisories/Multiple-VulnExploitTechnical DescriptionThird Party Advisory
FAQ
What is CVE-2017-8307?
CVE-2017-8307 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows service, it is possible to launch predefined binaries, or replace or delete arbitrary files. This vulnera...
How severe is CVE-2017-8307?
CVE-2017-8307 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-8307?
Check the references section above for vendor advisories and patch information. Affected products include: Avast Antivirus.