Allele Security Alert
Avast Antivirus versions before 19.8
AVG Antivirus versions before 19.8
Avast Antivirus version 19.8
AVG Antivirus version 19.8
Proof of concept
A DLL preloading vulnerability allows an attacker to implant %WINDIR%\system32\wbemcomn.dll, which is then loaded into a Protected Process Light (PPL) process and might bypass some of the self-defense mechanisms.
The vulnerability lets attackers load and execute malicious payloads through multiple signed services, within the context of AVG / Avast signed processes. An attacker might abuse this ability for purposes such as execution and evasion, for example an application whitelisting bypass.
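A defender-side check for the implanted DLL described above, as an added example that is not part of the original alert or of any vendor tooling. It goes beyond the single path named in the alert by auditing every copy of wbemcomn.dll under System32; the function name `Test-WbemcomnCopy` is hypothetical, and the script assumes a legitimate copy carries a valid signature from Microsoft.

```powershell
# Added example: audit every copy of wbemcomn.dll under %WINDIR%\System32.
# Assumption: a legitimate copy has a valid signature whose signer is Microsoft.
# Run from an elevated prompt so protected subdirectories can be enumerated.
$root = Join-Path $env:WINDIR 'System32'

function Test-WbemcomnCopy {
    # Hypothetical helper: returns one audit record for the DLL at $Path.
    param([Parameter(Mandatory)][string]$Path)

    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # Unsigned files have no signer certificate at all.
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # Trusted only if the signature validates AND the signer is Microsoft.
    $trusted = ($sig.Status -eq 'Valid') -and ($subject -match 'O=Microsoft Corporation')

    [pscustomobject]@{
        Path     = $Path
        Status   = $sig.Status
        Signer   = $subject
        SHA256   = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        Modified = (Get-Item -LiteralPath $Path).LastWriteTimeUtc
        Suspect  = -not $trusted
    }
}

# Collect every copy, including ones in subdirectories of System32.
$results = @(
    Get-ChildItem -Path $root -Filter 'wbemcomn.dll' -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object { Test-WbemcomnCopy -Path $_.FullName }
)

$results | Format-List

$suspect = @($results | Where-Object { $_.Suspect })
if ($suspect.Count -gt 0) {
    Write-Warning ("{0} copy/copies of wbemcomn.dll failed the signer check; compare the SHA256 values against a known-good image." -f $suspect.Count)
} else {
    Write-Output 'All copies of wbemcomn.dll found carry a valid Microsoft signature.'
}
```

A copy flagged as suspect is a lead for investigation rather than proof of compromise; confirm against a clean installation of the same Windows build.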
Avast Antivirus / AVG Antivirus – DLL Preloading into PPL and Potential Abuses
Last modified: October 29, 2019