ID CVE-2010-3126
Summary Untrusted search path vulnerability in avast! Free Antivirus version 5.0.594 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc90loc.dll that is located in the same folder as an avast license (.avastlic) file. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426 - 'Untrusted Search Path Vulnerability'
References
Vulnerable Configurations
  • cpe:2.3:a:avast:avast_antivirus_free:5.0.594:*:*:*:*:*:*:*
    cpe:2.3:a:avast:avast_antivirus_free:5.0.594:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 19-09-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2011-08-22T04:02:11.430-04:00
class vulnerability
contributors
  • name SecPod Team
    organization SecPod Technologies
  • name Shane Shaffer
    organization G2, Inc.
definition_extensions
comment Avast! AntiVirus for Windows is installed
oval oval:org.mitre.oval:def:6558
description Untrusted search path vulnerability in avast! Free Antivirus version 5.0.594 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc90loc.dll that is located in the same folder as an avast license (.avastlic) file.
family windows
id oval:org.mitre.oval:def:7193
status accepted
submitted 2010-09-23T14:44:35
title Untrusted search path vulnerability via a Trojan horse mfc90loc.dll in avast! Free Antivirus version less than or equal to 5.0.594
version 7
refmap via4
exploit-db 14743
secunia 41109
vupen ADV-2010-2175
Last major update 19-09-2017 - 01:31
Published 26-08-2010 - 18:36
Last modified 19-09-2017 - 01:31
Back to Top