Remote Code Execution Vulnerability in Avast Antivirus
CVE-2020-10864

6.5MEDIUM

Key Information:

Vendor

Avast

Status
Antivirus
Vendor
CVE Published:
1 April 2020

What is CVE-2020-10864?

A significant vulnerability exists in Avast Antivirus that exposes the platform to potential remote code execution. This weakness lies in the aswTask RPC endpoint of the TaskEx library within the Avast Service (AvastSvc.exe). It allows low integrity processes to trigger a system reboot via RPC calls, creating an opportunity for attackers to exploit this flaw and disrupt system functionality.

References

https://forum.avast.com/index.php?topic=232420.0
x_refsource_MISC
https://forum.avast.com/index.php?topic=232423.0
x_refsource_MISC
https://github.com/umarfarook882/Avast_Multiple_Vulnerabi...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.