CVE-2024-5102

Name of the Vulnerable Software and Affected Versions: Avast Antivirus versions prior to 24.2

Description: A vulnerability exists within the "Repair" feature of Avast Antivirus, which attempts to delete a file in the current user's AppData directory as NT AUTHORITYSYSTEM. A low-privileged user can create a pseudo-symlink and a junction folder, pointing to a file on the system, allowing them to elevate their privilege and potentially delete arbitrary files or run processes as NT AUTHORITYSYSTEM. This can be achieved by exploiting a race-condition, which can lead to the recreation of system files and allow the execution of a specially-crafted file, potentially launching a privileged shell instance.

Recommendations: For Avast Antivirus versions prior to 24.2, update to version 24.2 or later to resolve the issue. As a temporary workaround, consider disabling the "Repair" feature in the settings until the update is applied. Restrict access to the AppData directory to minimize the risk of exploitation. Avoid using the "Repair" function until the issue is resolved.