CVE-2024-5803 β€” Time-of-check Time-of-use (TOCTOU) Race Condition in Avast Antivirus

CWE-367 β€” Time-of-check Time-of-use (TOCTOU) Race Condition3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 78.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
AVG Avast Antivirus
Timeline
PublishedOct 3

Description

The AVGUI.exe of AVG/Avast Antivirus before versions before 24.1 can allow a local attacker to escalate privileges via an COM hijack in a time-of-check to time-of-use (TOCTOU) when self protection is disabled.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:HExploitability: 0.8 | Impact: 6.0

Affected Packages1 packages

β–ΆCVEListV5avg/avast_antivirus<24.1

πŸ”΄Vulnerability Details

2
GHSA
GHSA-ccfh-v7cp-3943: The AVGUI↗2024-10-03
β–Ά
CVEList
Local privelage escalation via COM hijacking↗2024-10-03
β–Ά
CVE-2024-5803 β€” AVG Avast Antivirus vulnerability | cvebase