CVE-2017-5566

Name of the Vulnerable Software and Affected Versions AVG Ultimate versions 17.1 and earlier AVG Internet Security versions 17.1 and earlier AVG AntiVirus FREE versions 17.1 and earlier

Description A code injection issue allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any AVG process via a "DoubleAgent" attack. This is possible because the products do not use the Protected Processes feature, allowing an attacker to enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry. The self-protection mechanism, intended to block local processes from modifying Image File Execution Options, can be bypassed by temporarily renaming Image File Execution Options during the attack.

Recommendations For AVG Ultimate versions 17.1 and earlier, consider disabling the self-protection mechanism temporarily and restricting access to the registry to minimize the risk of exploitation. For AVG Internet Security versions 17.1 and earlier, avoid using the Application Verifier Provider DLL until the issue is resolved. For AVG AntiVirus FREE versions 17.1 and earlier, restrict access to the Image File Execution Options in the registry to prevent arbitrary code injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.