CVE-2019-17093Uncontrolled Search Path Element in Antivirus

CWE-427Uncontrolled Search Path ElementCWE-426Untrusted Search Path3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 86.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Avast AntivirusAVG Anti-virus
Timeline
PublishedOct 23
Latest updateMay 24

Description

An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8. A DLL Preloading vulnerability allows an attacker to implant %WINDIR%\system32\wbemcomn.dll, which is loaded into a protected-light process (PPL) and might bypass some of the self-defense mechanisms. This affects all components that use WMI, e.g., AVGSvc.exe 19.6.4546.0 and TuneupSmartScan.dll 19.1.884.0.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDavast/antivirus< 19.8
NVDavg/anti-virus< 19.8

🔴Vulnerability Details

2
GHSA
GHSA-r8m5-8wc4-vhp3: An issue was discovered in Avast antivirus before 192022-05-24
CVEList
CVE-2019-17093: An issue was discovered in Avast antivirus before 192019-10-23
CVE-2019-17093 — Uncontrolled Search Path Element | cvebase