CVE-2023-51636

Name of the Vulnerable Software and Affected Versions Avira Prime (affected versions not specified)

Description The issue is related to the Avira Spotlight Service in Avira Prime, which incorrectly handles symbolic links before accessing a file. This can be exploited by a local attacker to escalate privileges and execute arbitrary code in the context of SYSTEM. The attacker must first obtain the ability to execute low-privileged code on the target system. The vulnerability allows an attacker to create a symbolic link and abuse the service to delete a file, leading to privilege escalation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.