Denial-of-Service Vulnerability in Avast Free Antivirus
CVE-2024-7228

5.5MEDIUM

Key Information:

Vendor: Avast
Status: Free Antivirus
Vendor: CVE Published:; 22 November 2024

What is CVE-2024-7228?

This vulnerability within Avast Free Antivirus allows local attackers to initiate a denial-of-service condition. By gaining access to execute low-privileged code on the target system, an attacker can create a symbolic link that exploits the Avast Service. This manipulation results in the creation of unintended folders, ultimately causing interruptions in the antivirus service and affecting system stability.

References

https://www.zerodayinitiative.com/advisories/ZDI-24-999/

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 22, 2024