Avast (6.0.1091, released 18 April 2011) as part of its setup installs Visual C++ 2008 SP1.
The version Avast installs is:
Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package ATL Security Update
MS09-035 KB973544 (file version 9.0.30729.4148)
However on this month’s patch Tuesday (12th April), Microsoft released:
Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package MFC Security Update
MS11-025 KB2467174 (file version 9.0.30729.5570)
Hence as part of its setup Avast is making the system vulnerable to remote code execution.