Local Privilege Escalation Vulnerability in Avira Prime by Avira
CVE-2023-51636

Currently unrated

Key Information:

Vendor: Avira
Status: Avira Prime
Vendor: CVE Published:; 22 May 2024

What is CVE-2023-51636?

The vulnerability in Avira Prime's Spotlight Service allows local attackers to elevate their privileges. By executing low-privileged code, an attacker can create a symbolic link to manipulate the service into deleting critical files. This exploitation ultimately enables the attacker to escalate their privileges and execute arbitrary code with SYSTEM level access, significantly increasing the risk of unauthorized actions on the affected system.

References

https://www.zerodayinitiative.com/advisories/ZDI-24-469/

Timeline

Vulnerability published
May 22, 2024