TOCTOU Vulnerability in Avast and AVG Antivirus for Windows Allows Arbitrary File Creation

TOCTOU Vulnerability in Avast and AVG Antivirus for Windows Allows Arbitrary File Creation

CVE-2023-1586 · MEDIUM Severity

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the restore process leading to arbitrary file creation. The issue was fixed with Avast and AVG Antivirus version 22.11

Learn more about our Web Application Penetration Testing UK.