Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Grisoft AVG Free 7.1, and other versions including 7.0.308, sets Everyone/Full Control permissions for certain update files including (1) upd_vers.cfg, (2) incavi.avm, and (3) unspecified drivers, which might allow local users to gain privileges.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
AVG Anti-Virus本地不安全权限设置漏洞
Vulnerability Description
AVG Anti-Virus是一款功能完备的杀毒软件。 AVG 7在处理文件的升级时存在权限设置漏洞,本地攻击者可能利用此漏洞执行权限提升攻击。 在初次安装AVG 7时 \Program\Files\Grisoft\AVG Free 默认从 \Program Files 继承权限,这样低权限帐号无法破坏文件。但升级了任何文件后,更新文件的权限就会把 Everyone 更改为Full Control,并更改登录用户的所有者,即使受限用户也可以成为所有者,导致可以控制\Program Files\Grisof
CVSS Information
N/A
Vulnerability Type
N/A