#VU26291 Windows Hard Link in Avast Secure Browser - CVE-2019-17190
Published: March 21, 2020
Vulnerability identifier: #VU26291
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2019-17190
CWE-ID: CWE-65
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vulnerable software:
Avast Secure Browser
Avast Secure Browser
Software vendor:
Avast Software s.r.o.
Avast Software s.r.o.
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to software sets insecure permission to C:\ProgramData\AVAST SOFTWARE\Browser\Update\Update.ini file. This file is used during application update procedure and its permissions are replaced by the "AvastBrowserUpdate.exe" program, which runs under "NT AUTHORITY\SYSTEM" account. A local user can create a hard link from the Update.ini file to any file on the system and replace permissions of arbitrary file.
Successful exploitation of the vulnerability may allow an attacker to escalate privileges on the system.
Remediation
Install updates from vendor's website.