AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability
CVE-2024-7234

7.8HIGH

Key Information:

Vendor: Avg
Status: Antivirus Free
Vendor: CVE Published:; 22 November 2024

What is CVE-2024-7234?

A local privilege escalation vulnerability exists in AVG AntiVirus Free that allows attackers to gain elevated access rights. This flaw is due to inadequate validation in the AVG Service, which can be exploited by creating symbolic links. Attackers with low-privileged access on the target system can leverage this vulnerability to delete critical files and execute arbitrary code with high privileges, compromising system security. Effective remediation requires patching the affected versions of AVG AntiVirus Free to mitigate this vulnerability.

Affected Version(s)

AntiVirus Free 23.9.8494.795

References

https://www.zerodayinitiative.com/advisories/ZDI-24-1008/

x_research-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2024

Avg

What is CVE-2024-7234?

Affected Version(s)

References

CVSS V3.1

Timeline