Avast - Premium Security
21.11.2500 (build 21.11.6809.528)
AvastSvc.exe
When the malware threat detection is triggered, a directory under C drive and a .db file will be created by "AvastSvc.exe". Since the directory is assigned with "Modify" privilege for "Authenticated Users", any unprivileged users could modify/write this Avast controlled directory. With this setup, an unprivileged user is able to achieve arbitrary file write by creating a symbolic link to a privileged location (e.g., C:\Windows\System32, C:\Program Files\Avast Software\Avast).
The vulnerability could allow unprivileged user to terminate the Avast antivirus and cause DOS to the affected system.
This vulnerability is patched since Avast Premium Security 22.1.
19-01-2022 Vulnerability reported to Avast.
22-01-2022 Initial response from Avast.
11-02-2022 Avast confirmed the vulnerability and released a patch for the product.