Arbitrary Changes to Components Section of Stats.ini File via Avast Antivirus RPC Endpoint

Arbitrary Changes to Components Section of Stats.ini File via Avast Antivirus RPC Endpoint

CVE-2020-10865 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to make arbitrary changes to the Components section of the Stats.ini file via RPC from a Low Integrity process.

Learn more about our Web Application Penetration Testing UK.