CVE-2010-3126

avast! Free Antivirus <5.0.594 - RCE

Title source: llm

Description

Untrusted search path vulnerability in avast! Free Antivirus version 5.0.594 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc90loc.dll that is located in the same folder as an avast license (.avastlic) file.

Exploits (1)

exploitdb WORKING POC

by diwr · clocalwindows

https://www.exploit-db.com/exploits/14743

View Code ZIP pw:eip

References (4)

[Vendor Advisory] http://secunia.com/advisories/41109

[Exploit] http://www.exploit-db.com/exploits/14743

[Vendor Advisory] http://www.vupen.com/english/advisories/2010/2175

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7193

Scores

EPSS 0.0170

EPSS Percentile 82.3%

Details

Status published

Products (1)

avast/avast_antivirus_free < 5.0.594

Published Aug 26, 2010

Tracked Since Feb 18, 2026