CyberSec.Space Logo
返回 CVE 浏览器

CVE-2010-3126

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0700%
EPSS Percentile6.90th
Published2010年8月26日
Last Modified2026年4月29日

Vulnerability Description

Untrusted search path vulnerability in avast! Free Antivirus version 5.0.594 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc90loc.dll that is located in the same folder as an avast license (.avastlic) file.

Affected Platforms (CPE)

📦
Avast

Avast Antivirus Free

<= 5.0.594

References & Advisories

🔗 http://secunia.com/advisories/41109
🔗 http://www.exploit-db.com/exploits/14743
🔗 http://www.vupen.com/english/advisories/2010/2175
🔗 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7193
🔗 http://secunia.com/advisories/41109
🔗 http://www.exploit-db.com/exploits/14743
🔗 http://www.vupen.com/english/advisories/2010/2175
🔗 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7193

相关漏洞威胁

CVE-2015-86207.8

Heap-based buffer overflow in the Avast virtualization driver (aswSnx.sys) in Avast Internet Security, Pro Antivirus, Premier, and...

CVE-2018-125727.8

Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive...

CVE-2017-55676.7

Code injection vulnerability in Avast Premier 12.3 (and earlier), Internet Security 12.3 (and earlier), Pro Antivirus 12.3 (and ea...

CVE-2019-186536.1

A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, Internet Security, and Premiere Edition) 19.3.2369 build 19.3....