Published: 21/03/2017 Updated: 03/10/2019

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 6.7 | Impact Score: 5.9 | Exploitability Score: 0.8

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Code injection vulnerability in AVG Ultimate 17.1 (and previous versions), AVG Internet Security 17.1 (and previous versions), and AVG AntiVirus FREE 17.1 (and previous versions) allows a local malicious user to bypass a self-protection mechanism, inject arbitrary code, and take full control of any AVG process via a "DoubleAgent" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack.

Vulnerable Product	Search on Vulmon	Subscribe to Product
avg ultimate 17.1
avg internet security 17.1
avg anti-virus 17.1

Microsoft's 'Application Verifier' bug-finder is easily pwnable

The Register • Richard Chirgwin • 22 Mar 2017

Undocumented feature allows installation of persistent malware

Updated “Don't create undocumented features” should be tattooed in the corner of every developer's eye: there's one in the Microsoft Application Verifier Provider that provides attack vectors on everything Windows since XP. Cybellum, which discovered the feature, has focussed on attacking anti-virus first, but says its DoubleAgent attack could also be used to inject persistent malware on a target, hijack permissions, modify process behaviours, and attack other users' sessions. What the resea...

CVE-2017-5566

Vulnerability Summary

Recent Articles

References

Vulmon Search

About

Products

Connect