AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability
CVE-2024-7237

7.8HIGH

Key Information:

Vendor: Avg
Status: Antivirus Free
Vendor: CVE Published:; 22 November 2024

What is CVE-2024-7237?

A local privilege escalation vulnerability is present in AVG AntiVirus Free through a flaw in the AVG Service. Attackers with low-privileged access can create a symbolic link, allowing them to manipulate files and directories the service interacts with. By exploiting this flaw, it's possible for an attacker to elevate their privileges and execute arbitrary code with SYSTEM-level access, which could lead to significant compromises of the affected system's security.

Affected Version(s)

AntiVirus Free 23.12.8700.813

References

https://www.zerodayinitiative.com/advisories/ZDI-24-1007/

x_research-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 22, 2024

Avg

What is CVE-2024-7237?

Affected Version(s)

References

CVSS V3.1

Timeline