CyberSec.Space Logo
Back to CVE Browser

CVE-2010-3126

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0700%
EPSS Percentile6.90th
PublishedAug 26, 2010
Last ModifiedApr 29, 2026

Vulnerability Description

Untrusted search path vulnerability in avast! Free Antivirus version 5.0.594 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc90loc.dll that is located in the same folder as an avast license (.avastlic) file.

Affected Platforms (CPE)

πŸ“¦
Avast

Avast Antivirus Free

<= 5.0.594

References & Advisories

πŸ”— http://secunia.com/advisories/41109
πŸ”— http://www.exploit-db.com/exploits/14743
πŸ”— http://www.vupen.com/english/advisories/2010/2175
πŸ”— https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7193
πŸ”— http://secunia.com/advisories/41109
πŸ”— http://www.exploit-db.com/exploits/14743
πŸ”— http://www.vupen.com/english/advisories/2010/2175
πŸ”— https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7193

Related Vulnerabilities

CVE-2015-86207.8

Heap-based buffer overflow in the Avast virtualization driver (aswSnx.sys) in Avast Internet Security, Pro Antivirus, Premier, and...

CVE-2018-125727.8

Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive...

CVE-2017-55676.7

Code injection vulnerability in Avast Premier 12.3 (and earlier), Internet Security 12.3 (and earlier), Pro Antivirus 12.3 (and ea...

CVE-2019-186536.1

A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, Internet Security, and Premiere Edition) 19.3.2369 build 19.3....

CVE-2010-3126 Detail & Impact Analysis | CVSS 9.3 (CRITICAL) | Cyber-Sec.Space | Cyber-Sec.Space