CVE-2020-10865

HIGH

Avast Antivirus <20 - Privilege Escalation

Title source: llm

Description

An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to make arbitrary changes to the Components section of the Stats.ini file via RPC from a Low Integrity process.

References (3)

[Release Notes, Vendor Advisory] https://forum.avast.com/index.php?topic=232420.0

[Release Notes, Vendor Advisory] https://forum.avast.com/index.php?topic=232423.0

[Exploit, Third Party Advisory] https://github.com/umarfarook882/Avast_Multiple_Vulnerability_Disclosure/blob/master/README.md

View Exploit ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.0038

EPSS Percentile 59.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-829

Status published

Products (1)

avast/antivirus < 20.0

Published Apr 01, 2020

Tracked Since Feb 18, 2026