PT-2017-18274 · Avast · Avast Antivirus

Published: 2017-04-27 · Updated: 2019-10-03 · CVE-2017-8307

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Avast Antivirus versions prior to 17

Description: The issue allows unprivileged users to launch predefined binaries, or replace or delete arbitrary files, when Avast Self-Defense is disabled. It can also be exploited in conjunction with other vulnerabilities when Avast Self-Defense is enabled, allowing for Denial of Service attacks and hiding traces of a possible attack.

Recommendations: For Avast Antivirus versions prior to 17, update to version 17 or later to resolve the issue. As a temporary workaround, consider enabling Avast Self-Defense, and restrict access to the LPC interface API exposed by the AvastSVC.exe Windows service, to minimize the risk of exploitation.

Exploit

Fix

Related Identifiers

CVE-2017-8307

Affected Products

Avast Antivirus