Avast Antivirus Local DOS

A bug in Avast Antivirus (fixed in v19.4) allows an attacker with local administrator privileges to cause Avast to fail to start. Avast can be tricked into renaming any of its files by replacing a log file with a symlink pointing to an Avast file. The next time Avast attempts to write to the log file, the target of the symlink is renamed. This defect can be exploited to rename critical binaries such as “AvastSvc.exe”, causing Avast to fail to start on the next system restart. This vulnerability bypasses Avast’s ‘self-defense’ mechanism which prevents administrators from tampering with critical Avast files.

Read More