Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Code injection vulnerability in Avira Total Security Suite 15.0 (and earlier), Optimization Suite 15.0 (and earlier), Internet Security Suite 15.0 (and earlier), and Free Security Suite 15.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Avira process via a "DoubleAgent" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
多款Avira产品代码注入漏洞
Vulnerability Description
Avira Total Security Suite等都是德国Avira公司的病毒防护软件套件。 多款Avira产品中存在代码注入漏洞。本地攻击者可利用该漏洞绕过保护机制,执行任意代码。以下产品和版本受到影响:Avira Total Security Suite 15.0及之前的版本,Optimization Suite 15.0及之前的版本,Internet Security Suite 15.0及之前的版本,Free Security Suite 15.0及之前的版本。
CVSS Information
N/A
Vulnerability Type
N/A