CVE-2024-6510 — Uncontrolled Search Path Element in Internet Security

CWE-427 — Uncontrolled Search Path Element CWE-732 — Incorrect Permission Assignment CWE-749 — Exposed Dangerous Method or Function4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 87.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AVG Internet Security

Timeline

PublishedSep 12

Description

Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to SYSTEM via COM-Hijacking.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDavg/internet_security< 24.1

▶CVEListV5avg/internet_security24.0

🔴Vulnerability Details

CVEList

Local privilege escalation vulnerability in AVG Internet Security↗2024-09-12

▶

GHSA

GHSA-r4pj-228r-7758: Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to SYSTEM via COM-Hijacking↗2024-09-12

▶

📋Vendor Advisories

Chrome

Stable Channel Update for Desktop: CVE-2023-6510↗2023-12-05

▶