Local Privilege Escalation Vulnerability in Avira AntiVir Products
CVE-2009-2761

Currently unrated

Key Information:

Vendor: Avira
Status: Antivir; Antivir Security Suite
Vendor: CVE Published:; 13 August 2009

What is CVE-2009-2761?

The vulnerability in Avira AntiVir and its associated products arises from an unquoted search path in the scheduler (sched.exe). This flaw allows local users to execute a malicious file named antivir.exe placed within the 'C:\Program Files\avira' directory, potentially leading to escalated privileges. Users should remain vigilant and ensure that proper file path quoting is implemented to mitigate this security risk.

References

http://www.osvdb.org/55647

vdb-entryx_refsource_OSVDB

http://www.vupen.com/english/advisories/2008/3130

vdb-entryx_refsource_VUPEN

https://exchange.xforce.ibmcloud.com/vulnerabilities/46568

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 13, 2009
Vulnerability Reserved
Aug 13, 2009