DLL Side-Loading Vulnerability in Avira Software Updater
CVE-2019-17449

6.7MEDIUM

Key Information:

Vendor: Avira
Status: Software Updater
Vendor: CVE Published:; 10 October 2019

What is CVE-2019-17449?

Avira Software Updater, prior to version 2.0.6.21094, is susceptible to a DLL side-loading vulnerability. An attacker could exploit this weakness to execute malicious code if they have obtained administrative access. Though the vendor posits that gaining SYSTEM privileges from this exploit is limited, the risk of exploitation underscores the importance of keeping software up to date to mitigate potential security threats.

References

https://support.avira.com/hc/en-us/articles/360000142857-...

x_refsource_MISC

https://safebreach.com/Post/Avira-Antivirus-2019-4-Servic...

x_refsource_MISC

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 10, 2019
Vulnerability Reserved
Oct 10, 2019