DLL Preloading Vulnerability in Avast and AVG Antivirus Products
CVE-2019-17093

7.8HIGH

Key Information:

Vendor: Avg
Status: Anti-virus; Antivirus
Vendor: CVE Published:; 23 October 2019

What is CVE-2019-17093?

An issue identified in Avast and AVG antivirus products introduces a DLL preloading vulnerability that can potentially allow attackers to inject malicious code into systems. Specifically, the vulnerability allows the planting of the wbemcomn.dll file in the %WINDIR%\system32\ directory, which is then loaded into a protected-light process (PPL). This action may circumvent certain self-defense mechanisms of the antivirus software. The issue impacts components reliant on Windows Management Instrumentation (WMI), such as AVGSvc.exe and TuneupSmartScan.dll, particularly in versions prior to 19.8.

References

https://safebreach.com/blog

x_refsource_MISC

https://safebreach.com/Post/Avast-Antivirus-AVG-Antivirus...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 23, 2019
Vulnerability Reserved
Oct 2, 2019

Avg

What is CVE-2019-17093?

References

CVSS V3.1

Timeline