ASA-2019-00594 – Avira Antivirus: DLL Preloading

Posted on by Allele Security Intelligence in Alerts

Allele Security Alert

ASA-2019-00594

Identifier(s)

ASA-2019-00594, CVE-2019-17449

Title

DLL Preloading

Vendor(s)

Avira GmbH

Product(s)

Avira Launcher

Avira Software Updater

Affected version(s)

Avira Launcher versions before 1.2.137
Avira Software Updater versions before 2.0.6.21094

Fixed version(s)

Avira Launcher version 1.2.137
Avira Software Updater version 2.0.6.21094

Proof of concept

Unknown

Description

The vulnerability give attackers the ability to load and execute malicious payloads within the context of Avira signed processes. This ability might be abused by an attacker for different purposes such as execution and evasion, for example: Application Whitelisting Bypass.

Technical details

Unknown

Credits

SafeBreach

Reference(s)

Avira Antivirus 2019 (4 Services) – DLL Preloading and Potential Abuses (CVE-2019-17449)
https://safebreach.com/Post/Avira-Antivirus-2019-4-Services-DLL-Preloading-and-Potential-Abuses-CVE-2019-17449

Avira Software Updater
https://support.avira.com/hc/en-us/articles/360000142857-Avira-Software-Updater

CVE-2019-17449
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17449

CVE-2019-17449
https://nvd.nist.gov/vuln/detail/CVE-2019-17449

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: October 29, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.