CVE-2023-42125

Name of the Vulnerable Software and Affected Versions Avast Premium Security (affected versions not specified)

Description The issue is related to insufficient access control in the isolated environment when handling namespace objects. Exploitation of this flaw can allow an attacker to escalate privileges and execute arbitrary code. The vulnerability exists within the implementation of the sandbox feature, where an attacker can create a symbolic link to abuse the service and create arbitrary namespace objects, leading to privilege escalation and arbitrary code execution in the context of SYSTEM. An attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.