CVE-2017-5567

Name of the Vulnerable Software and Affected Versions Avast Premier versions 12.3 and earlier Avast Internet Security versions 12.3 and earlier Avast Pro Antivirus versions 12.3 and earlier Avast Free Antivirus versions 12.3 and earlier

Description A code injection issue allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Avast process via a "DoubleAgent" attack. This is possible because the products do not use the Protected Processes feature, allowing an attacker to enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry. The self-protection mechanism, intended to block local processes from modifying Image File Execution Options, can be bypassed by temporarily renaming Image File Execution Options during the attack.

Recommendations For Avast Premier versions 12.3 and earlier, consider disabling the self-protection mechanism temporarily until a patch is available. For Avast Internet Security versions 12.3 and earlier, restrict access to the Image File Execution Options in the registry to minimize the risk of exploitation. For Avast Pro Antivirus versions 12.3 and earlier, avoid using arbitrary Application Verifier Provider DLLs under Image File Execution Options until the issue is resolved. For Avast Free Antivirus versions 12.3 and earlier, consider implementing additional security measures to prevent local attackers from modifying the registry.