CVE-2022-AVAST1 (Arbitrary File Write that Leads to Defense Evasion and DOS)
Product
Avast - Premium Security
Version
21.11.2500 (build 21.11.6809.528)
Vulnerable Component
AvastSvc.exe
Description
When the malware threat detection is triggered, a directory under C drive and a .db file will be created by "AvastSvc.exe". Since the directory is assigned with "Modify" privilege for "Authenticated Users", any unprivileged users could modify/write this Avast controlled directory. With this setup, an unprivileged user is able to achieve arbitrary file write by creating a symbolic link to a privileged location (e.g., C:\Windows\System32, C:\Program Files\Avast Software\Avast).
Impact
The vulnerability could allow unprivileged user to terminate the Avast antivirus and cause DOS to the affected system.
Resolution
This vulnerability is patched since Avast Premium Security 22.1.
Disclosure Timeline
19-01-2022 Vulnerability reported to Avast.
22-01-2022 Initial response from Avast.
11-02-2022 Avast confirmed the vulnerability and released a patch for the product.