{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2024-5102", "ASSIGNER": "security@nortonlifelock.com", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "A sym-linked file accessed via the repair function in Avast Antivirus <24.2 on Windows may allow user to elevate privilege to delete arbitrary files or run processes as NT AUTHORITY\\SYSTEM.\u00a0The vulnerability exists within the \"Repair\" (settings -> troubleshooting -> repair) feature, which attempts to delete a file in the current user's AppData directory as NT AUTHORITY\\SYSTEM. A\u00a0low-privileged user can make a pseudo-symlink and a junction folder and point to a file on the system. This can provide a low-privileged user an Elevation of Privilege to win a race-condition which will re-create the system files and make Windows callback to a specially-crafted file which could be used to launch a privileged shell instance.\n\nThis issue affects Avast Antivirus prior to 24.2." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-1284 Improper Validation of Specified Quantity in Input", "cweId": "CWE-1284" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "Avast", "product": { "product_data": [ { "product_name": "Antivirus", "version": { "version_data": [ { "version_affected": "=", "version_value": "24.2" } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://support.norton.com/sp/static/external/tools/security-advisories.html", "refsource": "MISC", "name": "https://support.norton.com/sp/static/external/tools/security-advisories.html" } ] }, "generator": { "engine": "Vulnogram 0.2.0" }, "source": { "discovery": "UNKNOWN" }, "credits": [ { "lang": "en", "value": "Naor Hodorov" } ] }