TOCTOU Vulnerability in Avast and AVG Antivirus for Windows Allows Arbitrary File/Directory Deletion
CVE-2023-1585 · MEDIUM Severity
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the Quarantine process, leading to arbitrary file/directory deletion. The issue was fixed with Avast and AVG Antivirus version 22.11 and virus definitions from 14 February 2023 or later.
Learn more about our Web Application Penetration Testing UK.