CVE-2024-5102
CVSS V2 None
CVSS V3 None
Description
A sym-linked file accessed via the repair function in Avast Antivirus <24.2 on Windows may allow user to elevate privilege to delete arbitrary files or run processes as NT AUTHORITY\SYSTEM. The vulnerability exists within the "Repair" (settings -> troubleshooting -> repair) feature, which attempts to delete a file in the current user's AppData directory as NT AUTHORITY\SYSTEM. A low-privileged user can make a pseudo-symlink and a junction folder and point to a file on the system. This can provide a low-privileged user an Elevation of Privilege to win a race-condition which will re-create the system files and make Windows callback to a specially-crafted file which could be used to launch a privileged shell instance.
This issue affects Avast Antivirus prior to 24.2.
Overview
- CVE ID
- CVE-2024-5102
- Assigner
- NLOK
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-06-10T16:15:56.581Z
- Last Modified Date
- 2024-06-11T20:42:36.851Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://support.norton.com/sp/static/external/tools/security-advisories.html |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-5102 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5102 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-26 03:34:13 | Added to TrackCVE |