CVE-2024-7227

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 22, 2024
Updated: Dec 9, 2024
CWE ID 59

Summary

CVE-2024-7227 is a local privilege escalation vulnerability affecting Avast Free Antivirus. This issue lies in the Avast Service and allows an attacker to escalate privileges by creating a symbolic link. To exploit this vulnerability, an attacker must first gain the ability to execute low-privileged code on the targeted system. By manipulating the symbolic link, an attacker can delete a file, which in turn enables them to escalate privileges and execute arbitrary code with SYSTEM-level access. This vulnerability, identified as ZDI-CAN-22272, poses a significant risk to affected installations of Avast Free Antivirus.

Affected Products

  • Avast Free Antivirus

Affected Vendors

  • Avast