CVE-2024-5102

June 10, 2024, 6:06 p.m.

None
No Score

Description

A sym-linked file accessed via the repair function in Avast Antivirus <24.2 on Windows may allow user to elevate privilege to delete arbitrary files or run processes as NT AUTHORITY\SYSTEM. The vulnerability exists within the "Repair" (settings -> troubleshooting -> repair) feature, which attempts to delete a file in the current user's AppData directory as NT AUTHORITY\SYSTEM. A low-privileged user can make a pseudo-symlink and a junction folder and point to a file on the system. This can provide a low-privileged user an Elevation of Privilege to win a race-condition which will re-create the system files and make Windows callback to a specially-crafted file which could be used to launch a privileged shell instance. This issue affects Avast Antivirus prior to 24.2.

Product(s) Impacted

Product Versions
Avast Antivirus
  • before 24.2

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://support.norton.com/sp/static/external/tools/security-advisories.html

Tags

CWE-1284
2024-06-10
CVE-2024-5102
security@nortonlifelock.com

Timeline

Published: June 10, 2024, 5:16 p.m.
Last Modified: June 10, 2024, 6:06 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

security@nortonlifelock.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.