CVE-2024-6510
📋 TL;DR
CVE-2024-6510 is a local privilege escalation vulnerability in AVG Internet Security v24 on Windows. It allows an unprivileged local user to gain SYSTEM-level privileges through COM hijacking. This affects Windows systems running the vulnerable AVG software.
💻 Affected Systems
- AVG Internet Security
⚠️ Risk & Real-World Impact
Worst Case
An attacker with local access gains full SYSTEM privileges, enabling complete system compromise, persistence installation, credential theft, and lateral movement.
Likely Case
Malware or malicious users escalate privileges to bypass security controls, disable antivirus, and establish persistence on compromised systems.
If Mitigated
With proper endpoint protection and least privilege principles, impact is limited to isolated systems with no lateral movement capability.
🎯 Exploit Status
Exploit requires local user access; COM hijacking technique is well-documented and relatively simple to implement.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check AVG updates for latest version
Vendor Advisory: https://support.avg.com/
Restart Required: Yes
Instructions:
1. Open AVG Internet Security
2. Click Menu → Settings → Update
3. Click 'Update' button
4. Restart computer when prompted
🔧 Temporary Workarounds
Restrict COM Object Permissions
Windows: Modify COM object permissions to prevent hijacking by unprivileged users
reg add "HKLM\SOFTWARE\Classes\CLSID\{AVG-specific-CLSID}" /v AccessPermission /t REG_BINARY /d ...
Note: Specific CLSID and permissions need to be identified from advisory
Disable Vulnerable COM Component
Windows: Temporarily disable the specific COM component until patch is applied
reg add "HKLM\SOFTWARE\Classes\CLSID\{AVG-specific-CLSID}\InprocServer32" /ve /t REG_SZ /d "" /f
🧯 If You Can't Patch
- Implement strict least privilege principles for all user accounts
- Monitor for privilege escalation attempts using endpoint detection tools
🔍 How to Verify
Check if Vulnerable:
Check AVG version: Open AVG → Menu → About. If version starts with 24, system may be vulnerable.
Check Version:
"%ProgramFiles%\AVG\Antivirus\avgui.exe" /version
Verify Fix Applied:
Verify that the AVG version is updated beyond v24.x and confirm that privilege escalation attempts fail.
📡 Detection & Monitoring
Log Indicators:
- Unexpected COM object registration events
- Process creation with SYSTEM privileges from non-privileged users
- AVG service manipulation attempts
Network Indicators:
- None - local exploitation only
SIEM Query:
EventID=4688 AND (NewProcessName="*cmd.exe" OR NewProcessName="*powershell.exe") AND SubjectUserName!="SYSTEM" AND TokenElevationType="%%1938"
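Added example, not part of the original page: the query's conditions evaluated in Python over constructed 4688 records, showing why the cmd.exe/powershell.exe alternatives must be grouped. The sample events and helper names are constructed for illustration, and the "ungrouped" reading assumes a SIEM engine that binds AND tighter than OR.

```python
from fnmatch import fnmatchcase

# Constructed 4688 records using the field names from the page's query.
SAMPLE_EVENTS = [
    {"EventID": 4688, "NewProcessName": r"C:\Windows\System32\cmd.exe",
     "SubjectUserName": "alice", "TokenElevationType": "%%1938"},
    {"EventID": 4688, "NewProcessName": r"C:\Windows\System32\cmd.exe",
     "SubjectUserName": "SYSTEM", "TokenElevationType": "%%1936"},
    {"EventID": 4688,
     "NewProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "SubjectUserName": "bob", "TokenElevationType": "%%1938"},
    {"EventID": 4688, "NewProcessName": r"C:\Windows\System32\notepad.exe",
     "SubjectUserName": "alice", "TokenElevationType": "%%1938"},
]


def _name_like(ev, pattern):
    # Case-insensitive wildcard match, mirroring NewProcessName="*cmd.exe".
    return fnmatchcase(ev.get("NewProcessName", "").lower(), pattern)


def _unprivileged_limited(ev):
    # SubjectUserName!="SYSTEM" AND TokenElevationType="%%1938" (limited token)
    return (ev.get("SubjectUserName", "").upper() != "SYSTEM"
            and ev.get("TokenElevationType") == "%%1938")


def matches_grouped(ev):
    # EventID=4688 AND (cmd OR powershell) AND subject/token conditions
    return (ev.get("EventID") == 4688
            and (_name_like(ev, "*cmd.exe") or _name_like(ev, "*powershell.exe"))
            and _unprivileged_limited(ev))


def matches_ungrouped(ev):
    # Same terms with AND binding tighter than OR (assumed engine behaviour):
    # (EventID=4688 AND cmd) OR (powershell AND subject/token conditions)
    return ((ev.get("EventID") == 4688 and _name_like(ev, "*cmd.exe"))
            or (_name_like(ev, "*powershell.exe") and _unprivileged_limited(ev)))


def hits(events, predicate):
    return [(e["SubjectUserName"], e["NewProcessName"].rsplit("\\", 1)[-1])
            for e in events if predicate(e)]


if __name__ == "__main__":
    for pred in (matches_grouped, matches_ungrouped):
        print(pred.__name__, hits(SAMPLE_EVENTS, pred))
```

Without grouping, the SYSTEM-launched cmd.exe record also matches, because the user and token conditions attach only to the powershell.exe branch.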