漏洞标题
N/A
漏洞描述信息
在Avast Premier 12.3(及更早版本)、Internet Security 12.3(及更早版本)、Pro Antivirus 12.3(及更早版本)和Free Antivirus 12.3(及更早版本)中,存在代码注入漏洞,通过“双重代理”攻击,本地攻击者可以绕过自我保护机制,注入任意代码,并完全控制任何Avast进程。对这一问题的另一种看法是:(1)这些产品不使用保护进程功能,因此攻击者可以在注册表中的Image File Execution Options下输入任意Application Verifier Provider DLL;(2)自我保护机制旨在阻止所有本地进程(不论权限)修改这些产品 Image File Execution Options;(3)攻击者可以通过在攻击过程中临时重命名Image File Execution Options来绕过此机制。
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Code injection vulnerability in Avast Premier 12.3 (and earlier), Internet Security 12.3 (and earlier), Pro Antivirus 12.3 (and earlier), and Free Antivirus 12.3 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Avast process via a "DoubleAgent" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
多款Avast产品安全漏洞
漏洞描述信息
Avast Premier等都是捷克爱维士(Avast)公司的杀毒软件。 多款Avast产品中存在代码注入漏洞。本地攻击者可利用该漏洞绕过保护机制,执行任意代码。以下产品和版本受到影响:Avast Premier 12.3及之前的版本,Internet Security 12.3及之前的版本,Pro Antivirus 12.3及之前的版本,Free Antivirus 12.3及之前的版本。
CVSS信息
N/A
漏洞类别
代码问题