Avast! Antivirus CVE-2017-8307 Arbitrary File Deletion Vulnerability

Avast! Antivirus is prone to an arbitrary-file-deletion vulnerability.

An attacker can exploit this issue to delete arbitrary files on a vulnerable computer with the affected application.

Versions prior to Avast! Antivirus 17 are vulnerable.

Information

Bugtraq ID: 98086
Class: Design Error
CVE: CVE-2017-8307

Remote: Yes
Local: No
Published: Apr 27 2017 12:00AM
Updated: Apr 28 2017 07:13PM
Credit: Martin Rakhmanov of Trustwave.
Vulnerable: Avast Antivirus 0

Not Vulnerable: Avast Antivirus 17

Exploit

The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.

References:

Avast! Homepage (Avast!)
Trustwave SpiderLabs Security Advisory TWSL2017-009: Multiple Vulnerabilities in (Trustwave)

Source: www.securityfocus.com

Exploit Collector

Search Exploit