PT-2024-38196 · Avg · Avg Antivirus Free
Izobashi
+3
·
Published
2024-07-29
·
Updated
2024-12-19
·
CVE-2024-7236
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
AVG AntiVirus Free (affected versions not specified)
Description
This issue allows local attackers to create a denial-of-service condition on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system to exploit this issue. The specific flaw exists within the AVG Installer, where an attacker can abuse the update functionality to create a file by creating a symbolic link. This can be leveraged to create a persistent denial-of-service condition on the system.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this issue.
Fix
Link Following
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Avg Antivirus Free