Allele Security Alert
ASA-2019-00593
Identifier(s)
ASA-2019-00593, CVE-2019-17093
Title
DLL Preloading
Vendor(s)
Avast Software
AVG Technologies
Product(s)
Avast Antivirus
AVG Antivirus
Affected version(s)
Avast Antivirus versions before 19.8
AVG Antivirus versions before 19.8
Fixed version(s)
Avast Antivirus version 19.8
AVG Antivirus version 19.8
Proof of concept
Unknown
Description
A DLL Preloading vulnerability allows an attacker to implant %WINDIR%\system32\wbemcomn.dll, which is loaded into a Protected Process Light (PPL) process and might bypass some of the self-defense mechanisms.
The vulnerability gives attackers the ability to load and execute malicious payloads using multiple signed services, within the context of AVG / Avast signed processes. An attacker might abuse this ability for purposes such as execution and evasion, for example Application Whitelisting Bypass.
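A host check for the implanted file described above, as an added example that is not part of the original alert or of any vendor code. It assumes the genuine wbemcomn.dll lives in %WINDIR%\System32\wbem, so a copy directly in System32 is unexpected; the function name Test-WbemcomnPreload is hypothetical.

```powershell
# Added defensive check (not Avast, AVG or SafeBreach code).
# Assumption: Windows ships wbemcomn.dll in System32\wbem, so a file of that
# name directly in System32 (the path named in the alert) warrants triage.
function Test-WbemcomnPreload {
    [CmdletBinding()]
    param([string]$WindowsDirectory = $env:WINDIR)

    $system32  = Join-Path $WindowsDirectory 'System32'
    $suspect   = Join-Path $system32 'wbemcomn.dll'        # path from the alert
    $reference = Join-Path $system32 'wbem\wbemcomn.dll'   # expected location

    $result = [ordered]@{
        SuspectPath     = $suspect
        Present         = Test-Path -LiteralPath $suspect -PathType Leaf
        SignatureStatus = $null
        Signer          = $null
        SHA256          = $null
        MatchesWbemCopy = $null
        CreationTimeUtc = $null
        Verdict         = 'Clean: no wbemcomn.dll directly in System32'
    }

    if ($result.Present) {
        $sig  = Get-AuthenticodeSignature -LiteralPath $suspect
        $hash = (Get-FileHash -LiteralPath $suspect -Algorithm SHA256).Hash
        $result.SignatureStatus = $sig.Status.ToString()
        if ($sig.SignerCertificate) { $result.Signer = $sig.SignerCertificate.Subject }
        $result.SHA256          = $hash
        $result.CreationTimeUtc = (Get-Item -LiteralPath $suspect -Force).CreationTimeUtc

        # Compare against the copy in System32\wbem when it exists.
        if (Test-Path -LiteralPath $reference -PathType Leaf) {
            $refHash = (Get-FileHash -LiteralPath $reference -Algorithm SHA256).Hash
            $result.MatchesWbemCopy = ($hash -eq $refHash)
        }

        # A valid signature does not clear the file: its location is still
        # unexpected, so every hit is reported for review.
        $verdict = 'Review: signed file in unexpected location'
        if ($sig.Status -ne 'Valid') {
            $verdict = 'Suspicious: unsigned or invalid signature'
        }
        $result.Verdict = $verdict
    }

    [pscustomobject]$result
}

Test-WbemcomnPreload | Format-List
```

A hit on a host running Avast Antivirus or AVG Antivirus before 19.8 should be triaged together with the upgrade to the fixed version.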
Technical details
Unknown
Credits
SafeBreach
Reference(s)
Avast Antivirus / AVG Antivirus – DLL Preloading into PPL and Potential Abuses
https://safebreach.com/Post/Avast-Antivirus-AVG-Antivirus-DLL-Preloading-into-PPL-and-Potential-Abuses
CVE-2019-17093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17093
CVE-2019-17093
https://nvd.nist.gov/vuln/detail/CVE-2019-17093
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: October 29, 2019