PT-2020-12384 · Avast · Avast Antivirus
Umar Farook
·
Published
2020-04-01
·
Updated
2020-04-02
·
CVE-2020-10865
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Avast Antivirus versions prior to 20
Description
An issue was discovered that allows attackers to make arbitrary changes to the Components section of the Stats.ini file via the "aswTask" RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) from a Low Integrity process.
Recommendations
For versions prior to 20, update to version 20 or later to resolve the issue. As a temporary workaround, consider restricting access to the aswTask RPC endpoint to minimize the risk of exploitation.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Avast Antivirus