Code Injection Vulnerability in AVG Products by AVG Technologies
CVE-2017-5566

6.7MEDIUM

Key Information:

Vendor

Avg

Status
Internet Security
Ultimate
Anti-virus
Vendor
CVE Published:
21 March 2017

What is CVE-2017-5566?

A code injection vulnerability exists in AVG Ultimate, AVG Internet Security, and AVG AntiVirus FREE that allows local attackers to bypass self-protection mechanisms. By leveraging a 'DoubleAgent' attack, an attacker can inject arbitrary code into any AVG process, thereby gaining full control over it. This vulnerability arises because the affected products do not implement the Protected Processes feature, allowing attackers to manipulate Image File Execution Options in the registry. The self-protection mechanism, originally designed to prevent unauthorized modifications, can be circumvented by temporarily renaming critical registry entries during an attack.

References

http://cybellum.com/doubleagent-taking-full-control-antiv...
x_refsource_MISC
http://www.securityfocus.com/bid/97022
vdb-entryx_refsource_BID
http://cybellum.com/doubleagentzero-day-code-injection-an...
x_refsource_MISC

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2017-5566 : Code Injection Vulnerability in AVG Products by AVG Technologies