CVE-2017-8308Improper Privilege Management in Antivirus

CWE-269Improper Privilege Management3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.7%
top 28.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Avast Antivirus
Timeline
PublishedApr 27
Latest updateMay 13

Description

In Avast Antivirus before v17, an unprivileged user (and thus malware or a virus) can mark an arbitrary process as Trusted from the perspective of the Avast product. This bypasses the Self-Defense feature of the product, opening a door to subsequent attack on many of its components.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDavast/antivirus12.3.2279

🔴Vulnerability Details

2
GHSA
GHSA-hjj8-vwr9-34qh: In Avast Antivirus before v17, an unprivileged user (and thus malware or a virus) can mark an arbitrary process as Trusted from the perspective of the2022-05-13
CVEList
CVE-2017-8308: In Avast Antivirus before v17, an unprivileged user (and thus malware or a virus) can mark an arbitrary process as Trusted from the perspective of the2017-04-27
CVE-2017-8308 — Improper Privilege Management in Avast | cvebase