Is avast vulnerable to AVGater?

polonus · 2017-11-13T14:53:53.000Z

Attacker can raise access rights via the chest?

Read here: https://bogner.sh/2017/11/avgater-getting-local-admin-by-abusing-the-anti-virus-quarantine/

When will avast patch against this leak? Trend Micro, Emsisoft, Kaspersky Lab, Malwarebytes, ZoneAlarm & Ikarus already did.

polonus

DavidR · 2017-11-13T15:06:33.000Z

Considering that the avast virus chest content is encrypted and the file name is changed (not to mention the self-defence module), I’m at a loss as to how this is gets round this.

Lisandro · 2017-11-13T23:59:02.000Z

No, Avast is not vulnerable.
Thanks Polunus for bringing this possible issue.

“From the security perspective, we are OK, as restore is done under user account who requested it, so no privilege escalation is possible”.
“And about the statement about weakening HTTPs security mentioned at the end of the article, I guess we have answered here: https://blog.avast.com/avasts-https-scanner-receives-a-rating”

(from Virus Lab)

jperl13 · 2017-11-14T20:17:03.000Z

Thanks polonus for putting “my theme” published in viruses and worms in the right place where it is best seen, thanks Lisandro for clarifying that avast is not vulnerable.

regards

https://forum.avast.com/index.php?topic=210805.0

Announcements