CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-8961

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0140%
EPSS Percentile43.72th
Published2020年4月9日
Last Modified2024年11月21日

Vulnerability Description

An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. The Self-Protection feature does not prohibit a write operation from an external process. Thus, code injection can be used to turn off this feature. After that, one can construct an event that will modify a file at a specific location, and pass this event to the driver, thereby defeating the anti-virus functionality.

Affected Platforms (CPE)

📦
Avira

Free Antivirus

< 15.0.2004.1825

References & Advisories

🔗 https://support.avira.com/hc/en-us/articles/360000109798-Avira-Antivirus-for-Windows
🔗 https://support.avira.com/hc/en-us/articles/360000109798-Avira-Antivirus-for-Windows

関連する脆弱性情報

CVE-2008-54099.3

Unspecified vulnerability in the pdf.xmd module in (1) BitDefender Free Edition 10 and Antivirus Standard 10, (2) BullGuard Intern...

CVE-2010-31269.3

Untrusted search path vulnerability in avast! Free Antivirus version 5.0.594 and earlier allows local users, and possibly remote a...

CVE-2019-185688.8

Avira Free Antivirus 15.0.1907.1514 is prone to a local privilege escalation through the execution of kernel code from a restricte...

CVE-2019-152957.8

An Untrusted Search Path vulnerability in the ServiceInstance.dll library versions 1.0.15.119 and lower, as used in Bitdefender An...