Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Code injection vulnerability in Avast Premier 12.3 (and earlier), Internet Security 12.3 (and earlier), Pro Antivirus 12.3 (and earlier), and Free Antivirus 12.3 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Avast process via a "DoubleAgent" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
多款Avast产品安全漏洞
Vulnerability Description
Avast Premier等都是捷克爱维士(Avast)公司的杀毒软件。 多款Avast产品中存在代码注入漏洞。本地攻击者可利用该漏洞绕过保护机制,执行任意代码。以下产品和版本受到影响:Avast Premier 12.3及之前的版本,Internet Security 12.3及之前的版本,Pro Antivirus 12.3及之前的版本,Free Antivirus 12.3及之前的版本。
CVSS Information
N/A
Vulnerability Type
N/A