CVE-2017-8307

9.8 CRITICAL
Published: April 27, 2017 Modified: May 13, 2026
View on NVD

Description

In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows service, it is possible to launch predefined binaries, or replace or delete arbitrary files. This vulnerability is exploitable by any unprivileged user when Avast Self-Defense is disabled. It is also exploitable in conjunction with CVE-2017-8308 when Avast Self-Defense is enabled. The vulnerability allows for Denial of Service attacks and hiding traces of a possible attack.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://www.securityfocus.com/bid/98086
Source: cve@mitre.org
Third Party Advisory VDB Entry
https://www.trustwave.com/Resources/Security-Advisories/Advisories/Multiple-Vulnerabilities-in-Avast-Antivirus/?fid=9201
Source: cve@mitre.org
Exploit Technical Description Third Party Advisory
http://www.securityfocus.com/bid/98086
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
https://www.trustwave.com/Resources/Security-Advisories/Advisories/Multiple-Vulnerabilities-in-Avast-Antivirus/?fid=9201
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Technical Description Third Party Advisory

4 reference(s) from NVD

Quick Stats

CVSS v3 Score
9.8 / 10.0
EPSS (Exploit Probability)
1.8%
75th percentile
Exploitation Status
Not in CISA KEV

Affected Vendors

avast