DLL Preloading Vulnerability in Avast and AVG Antivirus Products
CVE-2019-17093

7.8HIGH

Key Information:

Vendor

Avg

Status
Anti-virus
Antivirus
Vendor
CVE Published:
23 October 2019

What is CVE-2019-17093?

An issue identified in Avast and AVG antivirus products introduces a DLL preloading vulnerability that can potentially allow attackers to inject malicious code into systems. Specifically, the vulnerability allows the planting of the wbemcomn.dll file in the %WINDIR%\system32\ directory, which is then loaded into a protected-light process (PPL). This action may circumvent certain self-defense mechanisms of the antivirus software. The issue impacts components reliant on Windows Management Instrumentation (WMI), such as AVGSvc.exe and TuneupSmartScan.dll, particularly in versions prior to 19.8.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://safebreach.com/blog
x_refsource_MISC
https://safebreach.com/Post/Avast-Antivirus-AVG-Antivirus...
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.