THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Zendesk (Helpdesk and Chat)

Ok

PUBLISHED

CVE-2024-5102

Elevation of Privelage via symlinked file in Avast Antivirus

Reserved:2024-05-18
Published:2024-06-10
Updated:2024-06-11

Description

A sym-linked file accessed via the repair function in Avast Antivirus <24.2 on Windows may allow user to elevate privilege to delete arbitrary files or run processes as NT AUTHORITY\SYSTEM. The vulnerability exists within the "Repair" (settings -> troubleshooting -> repair) feature, which attempts to delete a file in the current user's AppData directory as NT AUTHORITY\SYSTEM. A low-privileged user can make a pseudo-symlink and a junction folder and point to a file on the system. This can provide a low-privileged user an Elevation of Privilege to win a race-condition which will re-create the system files and make Windows callback to a specially-crafted file which could be used to launch a privileged shell instance. This issue affects Avast Antivirus prior to 24.2.



HIGH: 7.3CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-1284 Improper Validation of Specified Quantity in Input

Product status

Default status
unaffected

24.2
affected

Credits

Naor Hodorov finder

References

https://support.norton.com/sp/static/external/tools/security-advisories.html

cve.org CVE-2024-5102

nvd.nist.gov CVE-2024-5102

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-5102