Vulnerability Report

CVE-2017-5567

RCE

Title: Avast Free Antivirus RCE

RCE

Proof Of Concept

No public PoC currently indexed for CVE-2017-5567.

CWE Category CWE-427
Published Date Mar 21, 2017
Modified Date May 13, 2026
Exploit Status Not Found
Score 6.7 CVSS v3.0
Exploit Probability (EPSS)
0.10%

Vulnerability Summary

CVE-2017-5567: Code injection vulnerability in Avast Premier 12.3 (and earlier), Internet Security 12.3 (and earlier), Pro Antivirus 12.3 (and earlier), and Free Antivirus 12.3 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Avast process via a "DoubleAgent" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack.

Impacted Vendors

F
f-secure 1
A
avast 4
A
avira 1

Reference Links

http://cybellum.com/doubleagent-taking-full-control-antivirus/ http://cybellum.com/doubleagentzero-day-code-injection-and-persistence-technique/ http://www.securityfocus.com/bid/97017 http://cybellum.com/doubleagent-taking-full-control-antivirus/ http://cybellum.com/doubleagentzero-day-code-injection-and-persistence-technique/ http://www.securityfocus.com/bid/97017
CVSS v3.0
Source Entity [email protected]
Severity MEDIUM
6.7
Attack Vector
LOCAL
Complexity
LOW
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS v2.0
Source Entity [email protected]
Severity HIGH
7.2
Access Vector
N/A
Authentication
N/A
RAW VECTOR AV:L/AC:L/Au:N/C:C/I:C/A:C

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2017-5567 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector LOCAL
Complexity LOW
Privileges N/A
Interaction NONE
CVSS Vector String CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Stack

No specific products linked.