CVE-2024-5102

A sym-linked file accessed via the repair function in Avast Antivirus troubleshooting - repair feature, which attempts to delete a file in the current user's AppData directory as NT AUTHORITY\SYSTEM. A low-privileged user can make a pseudo-symlink and a junction folder and point to a file on the...

CVE-2024-5102

The CVE-2024-5102 entry concerns Avast Antivirus prior to version 24.2. The issue resides in the Repair feature (Settings → Troubleshooting → Repair), which attempts to delete a file in the current user’s AppData directory as NT AUTHORITY\SYSTEM. A low-privileged user can craft a pseudo-symlink a...