AVG AntiVirus < 7.5.476 avg7core.sys Local Privilege Escalation

high Nessus Network Monitor Plugin ID 4131

Synopsis

The remote host is vulnerable to a local privilege escalation flaw.

Description

The remote host is running AVG Antivirus. This version of AVG is reported to be prone to a flaw where a local attacker can escalate privileges and gain administrative access to the application or system. An attacker exploiting this flaw would need to be locally authenticated. Successful exploitation would result in the attacker gaining SYSTEM access.

Solution

Upgrade to version 7.5.476 or higher.

See Also

http://www.grisoft.com/doc/31/us/crp/0?prd=avw

Plugin Details

Severity: High

ID: 4131

Family: Web Clients

Published: 7/11/2007

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.4

Temporal Score: 7.3

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:grisoft:avg_antivirus

Reference Information

CVE: CVE-2007-3777

BID: 24870