CyberSec.Space Logo
Back to CVE Browser

CVE-2017-8307

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0500%
EPSS Percentile14.85th
PublishedApr 27, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows service, it is possible to launch predefined binaries, or replace or delete arbitrary files. This vulnerability is exploitable by any unprivileged user when Avast Self-Defense is disabled. It is also exploitable in conjunction with CVE-2017-8308 when Avast Self-Defense is enabled. The vulnerability allows for Denial of Service attacks and hiding traces of a possible attack.

Affected Platforms (CPE)

πŸ“¦
Avast

Antivirus

<= 12.3.2279

References & Advisories

πŸ”— http://www.securityfocus.com/bid/98086
πŸ”— https://www.trustwave.com/Resources/Security-Advisories/Advisories/Multiple-Vulnerabilities-in-Avast-Antivirus/?fid=9201
πŸ”— http://www.securityfocus.com/bid/98086
πŸ”— https://www.trustwave.com/Resources/Security-Advisories/Advisories/Multiple-Vulnerabilities-in-Avast-Antivirus/?fid=9201

Related Vulnerabilities

CVE-2004-048710.0

A certain ActiveX control in Symantec Norton AntiVirus 2004 allows remote attackers to cause a denial of service (resource consump...

CVE-2005-169310.0

Integer overflow in Computer Associates Vet Antivirus library, as used by CA InoculateIT 6.0, eTrust Antivirus r6.0 through 7.1, e...

CVE-2000-079310.0

Norton AntiVirus 5.00.01C with the Novell Netware client does not properly restart the auto-protection service after the first use...

CVE-2005-201710.0

Symantec AntiVirus 9 Corporate Edition allows local users to gain privileges via the "Scan for viruses" option, which launches a h...