CVE-2019-17449
MEDIUM
Avira Software Updater < 2.0.6.21094 - DLL Side-Loading via Untrusted Search Path
Title source: llm
Description
Avira Software Updater before 2.0.6.21094 allows a DLL side-loading attack. NOTE: The vendor thinks that this vulnerability is invalid because exploiting it would require at least administrator privileges and would gain only SYSTEM privileges.
References (2)
Core References
Release Notes x_refsource_misc
https://support.avira.com/hc/en-us/articles/360000142857-Avira-Software-Updater
Various Sources x_refsource_misc
https://safebreach.com/Post/Avira-Antivirus-2019-4-Services-DLL-Preloading-and-Potential-Abuses-CVE-2019-17449
Scores
CVSS v3
6.7
EPSS
0.0040
EPSS Percentile
31.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-426
Status
published
Products (1)
avira/software_updater
< 2.0.6.21094
Published
Oct 10, 2019
Tracked Since
Feb 18, 2026