漏洞标题
Avast Premium Security 沙箱保护不正确的授权权限提升漏洞
漏洞描述信息
Avast高级安全沙箱保护错误授权特权提升漏洞。此漏洞允许本地攻击者在受影响的Avast高级安全安装中提升权限。
攻击者必须首先获得在目标系统上执行低权限代码的能力,才能利用此漏洞。
具体漏洞存在于沙箱功能的实现中。问题源于授权不正确。攻击者可以利用此漏洞提升权限,并以中等完整性级别在沙箱外部执行任意代码。该漏洞被标识为ZDI-CAN-20178。
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
授权机制不正确
漏洞标题
Avast Premium Security Sandbox Protection Incorrect Authorization Privilege Escalation Vulnerability
漏洞描述信息
Avast Premium Security Sandbox Protection Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the implementation of the sandbox feature. The issue results from incorrect authorization. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code outside the sandbox at medium integrity.
. Was ZDI-CAN-20178.
CVSS信息
N/A
漏洞类别
授权机制不正确
漏洞标题
Avast Premium Security 安全漏洞
漏洞描述信息
Avast Premium Security是捷克Avast公司的一个应用软件。用于全面扫描网站漏洞。 Avast Premium Security存在安全漏洞,该漏洞源于存在不正确的授权权限提升漏洞,允许本地攻击者在受影响的安装上提升权限。
CVSS信息
N/A
漏洞类别
其他