CVE-2024-5803
📋 TL;DR
This vulnerability allows a local attacker to escalate privileges via COM hijack in AVG/Avast Antivirus when self-protection is disabled. It affects users running vulnerable versions of these antivirus products on Windows systems. The attacker must already have local access to the system to exploit this flaw.
💻 Affected Systems
- AVG Antivirus
- Avast Antivirus
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker with local access gains SYSTEM/administrator privileges, enabling complete system compromise, data theft, malware persistence, and lateral movement.
Likely Case
Local privilege escalation allowing attackers to bypass security controls, install additional malware, or access protected resources.
If Mitigated
With self-protection enabled (default), the vulnerability cannot be exploited, maintaining normal security posture.
🎯 Exploit Status
Requires local access and self-protection disabled. TOCTOU race condition exploitation requires precise timing.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 24.1 or later
Vendor Advisory: https://support.norton.com/sp/static/external/tools/security-advisories.html
Restart Required: Yes
Instructions:
1. Open AVG/Avast Antivirus.
2. Navigate to Settings > General > Update.
3. Click 'Check for updates'.
4. Install available updates.
5. Restart computer when prompted.
🔧 Temporary Workarounds
Enable Self-Protection
Windows: Ensure the antivirus self-protection feature is enabled to prevent exploitation.
Open AVG/Avast > Settings > Troubleshooting and turn on 'Enable self-defense' or 'Enable self-protection'.
🧯 If You Can't Patch
- Ensure antivirus self-protection feature is enabled at all times
- Implement strict local access controls and monitor for suspicious privilege escalation attempts
🔍 How to Verify
Check if Vulnerable:
Check AVG/Avast version in Settings > About. If version is below 24.1 and self-protection is disabled, system is vulnerable.
Check Version:
wmic product where "name like 'AVG%' or name like 'Avast%'" get name, version
Verify Fix Applied:
Verify version is 24.1 or higher in Settings > About and confirm self-protection is enabled in Settings > Troubleshooting.
📡 Detection & Monitoring
Log Indicators:
- Unexpected privilege escalation events
- AVGUI.exe process manipulation
- COM object registration/modification
Network Indicators:
- None - local exploitation only
SIEM Query:
EventID=4688 AND (ProcessName='AVGUI.exe' OR ParentProcessName='AVGUI.exe') AND (NewProcessName contains 'cmd.exe' OR NewProcessName contains 'powershell.exe')
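The parent/child relationship the SIEM query above looks for (AVGUI.exe starting cmd.exe or powershell.exe), written out as an added example that is not part of the original page or any vendor tooling. It assumes native Windows Security event 4688 field names, where ParentProcessName is the creating process; the event records are constructed and the install path is a placeholder.

```python
import ntpath

# Names taken from the SIEM query on this page.
WATCHED_PARENT = "avgui.exe"
SHELLS = {"cmd.exe", "powershell.exe"}

def image_name(path):
    """Lower-cased file name of a Windows image path ('' if the field is absent)."""
    return ntpath.basename(path or "").lower()

def is_suspicious(event):
    """True for a 4688 record where AVGUI.exe created cmd.exe or powershell.exe."""
    if str(event.get("EventID")) != "4688":
        return False
    parent = image_name(event.get("ParentProcessName"))
    child = image_name(event.get("NewProcessName"))
    # Compare whole file names: a substring test would also hit 'notcmd.exe'.
    return parent == WATCHED_PARENT and child in SHELLS

def triage(events):
    """Return (SubjectUserName, NewProcessName) for each matching record."""
    return [(e.get("SubjectUserName"), e["NewProcessName"])
            for e in events if is_suspicious(e)]

# Constructed records, not real telemetry; <AV install dir> is a placeholder.
AV = r"C:\<AV install dir>\AVGUI.exe"
SAMPLE_EVENTS = [
    {"EventID": 4688, "SubjectUserName": "alice", "ParentProcessName": AV,
     "NewProcessName": r"C:\Windows\System32\cmd.exe"},
    # Shell started from Explorer: unrelated to AVGUI.exe, must not alert.
    {"EventID": 4688, "SubjectUserName": "alice",
     "ParentProcessName": r"C:\Windows\explorer.exe",
     "NewProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    # Case differs from the query literals: Windows paths are case-insensitive.
    {"EventID": 4688, "SubjectUserName": "bob", "ParentProcessName": AV.upper(),
     "NewProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe"},
    # File name merely contains 'cmd.exe'.
    {"EventID": 4688, "SubjectUserName": "bob", "ParentProcessName": AV,
     "NewProcessName": r"C:\Tools\notcmd.exe"},
    # A different event ID, and a record with no parent field: both are skipped.
    {"EventID": 4689, "SubjectUserName": "bob", "ParentProcessName": AV,
     "NewProcessName": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 4688, "SubjectUserName": "carol",
     "NewProcessName": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for user, image in triage(SAMPLE_EVENTS):
        print(f"ALERT user={user} image={image}")
```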