3 matches found
CVE-2019-11230
In Avast Antivirus before 19.4, a local administrator can trick the product into renaming arbitrary files by replacing the Logs\Update.log file with a symlink. The next time the product attempts to write to the log file, the target of the symlink is renamed. This defect can be exploited to rename...
Avast Antivirus < 19.4 Link Following Vulnerability - Windows
Avast Antivirus is prone to a link following vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:avast:antivirus";...
CVE-2019-11230
CVE-2019-11230 affects Avast Antivirus prior to 19.4. A local administrator can exploit a symlink in Logs\Update.log to cause the product to rename arbitrary files. The next write to the log file renames the symlink target and can be used to rename a critical binary (e.g., AvastSvc.exe), leading ...