Code Injection Vulnerability in Avira Total Security and Optimization Suites
CVE-2017-6417

6.7MEDIUM

Key Information:

Vendor

Avira

Status
Internet Security Suite
Free Security Suite
Total Security Suite
Optimization Suite
Vendor
CVE Published:
21 March 2017

What is CVE-2017-6417?

A code injection vulnerability exists in several versions of Avira Total Security and Optimization Suites, allowing local attackers to exploit a weakness in the self-protection mechanism of these products. By leveraging a 'DoubleAgent' attack, an attacker can bypass protections, inject arbitrary code, and gain control over Avira processes. This vulnerability arises mainly because the affected products do not utilize the Protected Processes feature. Consequently, attackers can manipulate the Image File Execution Options in the Windows registry to load a malicious DLL. The intended self-protection functionality, designed to prevent unauthorized local modifications, can be circumvented, allowing unauthorized access and potential damage.

References

http://cybellum.com/doubleagent-taking-full-control-antiv...
x_refsource_MISC
http://cybellum.com/doubleagentzero-day-code-injection-an...
x_refsource_MISC
http://www.securityfocus.com/bid/97021
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.