Avast · Avg/Avast Antivirus · CVE-2024-5803
Name of the Vulnerable Software and Affected Versions:
AVG/Avast Antivirus versions prior to 24.1
Description:
The issue allows a local attacker to escalate privileges via a COM hijack in a time-of-check to time-of-use (TOCTOU) scenario when self-protection is disabled. This occurs in the AVGUI.exe component of AVG/Avast Antivirus.
Recommendations:
For versions prior to 24.1, update to version 24.1 or later to resolve the issue. As a temporary workaround, consider enabling self-protection to minimize the risk of exploitation.