Vulnerability Details CVE-2017-8308
In Avast Antivirus before v17, an unprivileged user (and thus malware or a virus) can mark an arbitrary process as Trusted from the perspective of the Avast product. This bypasses the Self-Defense feature of the product, opening a door to subsequent attack on many of its components.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.8%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://www.securityfocus.com/bid/98084
- https://www.trustwave.com/Resources/Security-Advisories/Advisories/Multiple-Vulnerabilities-in-Avast-Antivirus/?fid=9201
- http://www.securityfocus.com/bid/98084
- https://www.trustwave.com/Resources/Security-Advisories/Advisories/Multiple-Vulnerabilities-in-Avast-Antivirus/?fid=9201
Products affected by CVE-2017-8308
-
cpe:2.3:a:avast:antivirus:12.1.2272
-
cpe:2.3:a:avast:antivirus:12.2.2276
-
cpe:2.3:a:avast:antivirus:12.3.2279
-
cpe:2.3:a:avast:antivirus:8.0.1489
-
cpe:2.3:a:avast:antivirus:8.0.1497
-
cpe:2.3:a:avast:antivirus:8.0.1500
-
cpe:2.3:a:avast:antivirus:8.0.1501
-
cpe:2.3:a:avast:antivirus:8.0.1504
-
cpe:2.3:a:avast:antivirus:8.0.1506