CVE-2017-8308
HIGHAvast Antivirus < 12.3.2279 - Unauthenticated Privilege Escalation via Trusted Process Bypass
Title source: llmDescription
In Avast Antivirus before v17, an unprivileged user (and thus malware or a virus) can mark an arbitrary process as Trusted from the perspective of the Avast product. This bypasses the Self-Defense feature of the product, opening a door to subsequent attack on many of its components.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/98084
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://www.trustwave.com/Resources/Security-Advisories/Advisories/Multiple-Vulnerabilities-in-Avast-Antivirus/?fid=9201
Scores
CVSS v3
7.5
EPSS
0.0133
EPSS Percentile
67.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-269
Status
published
Products (1)
avast/antivirus
< 12.3.2279
Published
Apr 27, 2017
Tracked Since
Feb 18, 2026