The Antivirus maker Avast has disabled a major component of its antivirus engine to address a severe vulnerability that would have allowed attackers to hack into users’ PCs.
Ormandy pointed out that the main Avast antivirus process, AvastSvc.exe, which, runs as SYSTEM.
The service loads the low level antivirus engine, and analyzes
“Despite being highly privileged and processing
The vulnerability researcher also released a tool that he used in his tests.
Ormandy explained that this flaw is trivial to exploit, an attacker could trigger it by sending to a user running the flawed antivirus a malicious JS or WSH file via email, or tricking the victims into accessing a specially-crafted that contains
In a statement Avast sent to ZDNet, the antivirus maker confirmed that the mitigation action it
We have fixed this by disabling the emulator, to ensure our hundreds of millions of users are protected from any attacks. This won’t affect the functionality of our AV product, which is based on multiple security layers.” reads the statement released by the security firm.