Описание
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to make arbitrary changes to the Components section of the Stats.ini file via RPC from a Low Integrity process.
Ссылки
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- ExploitThird Party Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 20.0 (исключая)
Одновременно
cpe:2.3:a:avast:antivirus:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
EPSS
Процентиль: 59%
0.00379
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-829
Связанные уязвимости
github
больше 3 лет назад
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to make arbitrary changes to the Components section of the Stats.ini file via RPC from a Low Integrity process.
EPSS
Процентиль: 59%
0.00379
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-829