SB2020012728 - Privilege escalation in Avast Secure Browser

Description

This security bulletin contains information about 1 security vulnerability.

1) Windows Hard Link (CVE-ID: CVE-2019-17190)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to software sets insecure permission to C:\ProgramData\AVAST SOFTWARE\Browser\Update\Update.ini file. This file is used during application update procedure and its permissions are replaced by the "AvastBrowserUpdate.exe" program, which runs under "NT AUTHORITY\SYSTEM" account. A local user can create a hard link from the Update.ini file to any file on the system and replace permissions of arbitrary file.

Successful exploitation of the vulnerability may allow an attacker to escalate privileges on the system.

Remediation

Install update from vendor's website.

References

• http://seclists.org/fulldisclosure/2020/Mar/25
• https://www.avast.com/bug-bounty-credits/en/a-tribute-to-our-security-research-community
• https://sidechannel.tempestsi.com/vulnerability-in-avast-secure-browser-enables-escalation-of-privileges-on-windows-eb770d196c45