Change language
Python.Engineering Wiki Ten-year-old bugs found in Avast and AVG antiviruses

Ten-year-old bugs found in Avast and AVG antiviruses

News
Michael Zippo Michael Zippo 10.05.2022

SentinelOne said they found two serious vulnerabilities in Avast and AVG antivirus products. Both are linked to their common anti-rootkit driver aswArPot.sys. Vulnerabilities appeared in the code with the release of Avast 12.1 in 2012, but all this time they remained unnoticed.

December 2021

Experts identified bugs in December 2021. Then they received the identifiers CVE-2022-26522 and CVE-2022-26523. In February, the vulnerabilities were fixed with the release of version 22.1.

The function first attaches the current thread to the target process and then uses nt!PsGetProcessPeb to get a pointer to the PEB of the current process (red arrow). It then retrieves (for the first time) PPEB->ProcessParameters->CommandLine.Length to allocate a new buffer (yellow arrow) and copies the user-provided buffer to PPEB->ProcessParameters->CommandLine.Buffer with the size PPEB->ProcessParameters->CommandLine. Length (orange arrow).

SentinelOne rated the vulnerabilities "high severity": they allowed an attacker with limited privileges on the system to execute code in kernel mode and eventually take full control of the device.

“The nature of these vulnerabilities is such that they can be launched from sandboxes and used in a context other than simple local privilege escalation. For example, vulnerabilities can be used in the second stage of a browser attack or to escape from a sandbox. Among the obvious abuses of such problems is bypassing security solutions,” the researchers note. According to them, bugs can be used to disable security products, overwrite system components, damage the operating system, or perform malicious operations without hindrance.

So far, experts have no evidence that the vulnerabilities were exploited in practice.

Avast and AVG

Avast bought AVG in 2016. Their antiviruses are popular all over the world, so the vulnerabilities could potentially affect millions of users.

Meanwhile, Trend Micro detailed the AvosLocker ransomware, which used a different issue in the same driver to disable antivirus products in its attacks. AvosLocker was first discovered in July 2021. Over the past few months, he’s had a few new options.

Michael Zippo
2022/05/10

https://linkedin.com/in/michael-zippo-9136441b1
[email protected]

Sources: SentinelOne

Shop

Best laptop for Sims 4

$

Best laptop for Zoom

$499

Best laptop for Minecraft

$590

Best laptop for engineering student

$

Best laptop for development

$

Best laptop for Cricut Maker

$

Best laptop for hacking

$890

Best laptop for Machine Learning

$950

Latest questions

NUMPYNUMPY

psycopg2: insert multiple rows with one query

12 answers

NUMPYNUMPY

How to convert Nonetype to int or string?

12 answers

NUMPYNUMPY

How to specify multiple return types using type-hints

12 answers

NUMPYNUMPY

Javascript Error: IPython is not defined in JupyterLab

12 answers

All questions

News

16/05/2022 An insider said that Call of Duty: Modern Warfare 2 trailer will be released on June 8 16/05/2022 Ibbu platform fired Samsung chat employee after she spoke about unpaid workload 16/05/2022 The European Commission proposed to automatically scan private correspondence to protect children

Wiki

__del__

Python OpenCV | cv2.putText () method

__del__

numpy.arctan2 () in Python

__del__

Python | os.path.realpath () method

around

Python OpenCV | cv2.circle () method

cvtcolor

Python OpenCV cv2.cvtColor () method

Python Methods and Functions

Python - Move item to the end of the list

Counters

time.perf_counter () function in Python

__dict__

Check if one list is a subset of another in Python

__del__

Python os.path.join () method