TOCTOU Vulnerability in Avast and AVG Antivirus for Windows Allows Arbitrary File/Directory Deletion

TOCTOU Vulnerability in Avast and AVG Antivirus for Windows Allows Arbitrary File/Directory Deletion

CVE-2023-1585 · MEDIUM Severity

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H

Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the Quarantine process, leading to arbitrary file/directory deletion. The issue was fixed with Avast and AVG Antivirus version 22.11 and virus definitions from 14 February 2023 or later.

Learn more about our Web Application Penetration Testing UK.