The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Grisoft AVG AntiVirus

vulnerability alert CVE-2017-5565 CVE-2017-5566 CVE-2017-5567

Antivirus: privilege escalation via Microsoft Application Verifier

Synthesis of the vulnerability

An attacker can bypass restrictions via Microsoft Application Verifier of Antivirus, in order to escalate his privileges.
Impacted products: Avast AV, NOD32 Antivirus, F-Secure AV, AVG AntiVirus, McAfee MOVE AntiVirus, VirusScan, Norton Antivirus, Norton Internet Security, Panda AV, Panda Internet Security, TrendMicro Internet Security, OfficeScan.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 5.
Creation date: 22/03/2017.
Identifiers: 1116957, CVE-2017-5565, CVE-2017-5566, CVE-2017-5567, CVE-2017-6186, CVE-2017-6417, VIGILANCE-VUL-22211.

Description of the vulnerability

An attacker can bypass restrictions via Microsoft Application Verifier of Antivirus, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert 18606

AVG AntiVirus: information disclosure via Chrome Extension

Synthesis of the vulnerability

An attacker can use a vulnerability in the Chrome extension of AVG AntiVirus, in order to obtain sensitive information.
Impacted products: AVG AntiVirus.
Severity: 2/4.
Consequences: data reading.
Provenance: internet server.
Creation date: 29/12/2015.
Identifiers: VIGILANCE-VUL-18606.

Description of the vulnerability

The AVG AntiVirus product installs the "AVG Web TuneUp" extension in Chrome, in order to monitor web activities.

However, an attacker can send JavaScript messages to this extension, to bypass access restrictions to data.

An attacker can therefore use a vulnerability in the Chrome extension of AVG AntiVirus, in order to obtain sensitive information.

vulnerability CVE-2012-1443 CVE-2012-1456 CVE-2012-1457

Grisoft AVG Anti-Virus: bypassing via RAR, TAR, ZIP

Synthesis of the vulnerability

An attacker can create an archive containing a virus, which is not detected by Grisoft AVG Anti-Virus.
Impacted products: AVG AntiVirus.
Severity: 1/4.
Consequences: data flow.
Provenance: document.
Number of vulnerabilities in this bulletin: 6.
Creation date: 21/03/2012.
Identifiers: BID-52608, BID-52610, BID-52612, BID-52613, BID-52623, BID-52626, CVE-2012-1443, CVE-2012-1456, CVE-2012-1457, CVE-2012-1459, CVE-2012-1461, CVE-2012-1462, VIGILANCE-VUL-11480.

Description of the vulnerability

Archive extraction tools accept slightly malformed archives and still extract them. However, Grisoft AVG Anti-Virus does not detect viruses contained in these archives.

A RAR archive containing "MZ" as its first 2 bytes bypasses the detection. [severity:1/4; BID-52612, CVE-2012-1443]

A ZIP archive starting with TAR data bypasses the detection. [severity:1/4; BID-52608, CVE-2012-1456]

A TAR archive with a large size bypasses the detection. [severity:1/4; BID-52610, CVE-2012-1457]

A TAR archive with a header containing a large value bypasses the detection. [severity:1/4; BID-52623, CVE-2012-1459]

A TAR+GZ archive containing two streams bypasses the detection. [severity:1/4; BID-52626, CVE-2012-1461]

A ZIP archive starting with 1024 random bytes bypasses the detection. [severity:1/4; BID-52613, CVE-2012-1462]

An attacker can therefore create an archive containing a virus which is not detected by the antivirus, but which is extracted by extraction tools. The virus is then only detected once it has been extracted on the victim's computer.

vulnerability bulletin CVE-2010-5151 CVE-2010-5152 CVE-2010-5154

Antivirus: bypassing SSDT Hooking

Synthesis of the vulnerability

When an antivirus redirects the SSDT to detect viruses, a local attacker can use an atomicity error, in order to bypass this protection.
Impacted products: Avast AV, CA Antivirus, F-Secure AV, AVG AntiVirus, Kaspersky AV, VirusScan, Norton Antivirus, Norton Internet Security, Panda AV, Panda Internet Security, Symantec AV.
Severity: 2/4.
Consequences: administrator access/rights, data flow.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 13.
Creation date: 10/05/2010.
Revision date: 11/05/2010.
Identifiers: CVE-2010-5151, CVE-2010-5152, CVE-2010-5154, CVE-2010-5156, CVE-2010-5161, CVE-2010-5163, CVE-2010-5166, CVE-2010-5167, CVE-2010-5168, CVE-2010-5171, CVE-2010-5172, CVE-2010-5177, CVE-2010-5179, VIGILANCE-VUL-9633.

Description of the vulnerability

The SSDT (System Service Descriptor Table) contains references to system calls:
 - NtCreateKey : create a key in registry
 - NtCreateThread : create a thread
 - NtDeleteFile : delete a file
 - etc.

Antiviruses redirect entries of this table to verification functions. Several implementations check the parameters, and then call the original system call. However, between these two operations, a local attacker can change the parameters of the system call. An attacker can therefore create a program which passes legitimate parameters, and then changes them just before the system call is performed.

When an antivirus redirects the SSDT to detect viruses, a local attacker can therefore use this atomicity error (a time-of-check/time-of-use race), in order to bypass this protection.

vulnerability note CVE-2009-1784

AVG Anti-Virus: bypassing via ZIP

Synthesis of the vulnerability

An attacker can create a ZIP archive containing a virus which is not detected by AVG.
Impacted products: AVG AntiVirus.
Severity: 2/4.
Consequences: data flow.
Provenance: document.
Creation date: 11/05/2009.
Identifiers: BID-34895, CVE-2009-1784, TZO-20-2009, VIGILANCE-VUL-8704.

Description of the vulnerability

AVG products detect viruses contained in ZIP archives.

However, an attacker can create a slightly malformed archive (by changing "Filelength"), which can still be opened by Unzip tools, but which cannot be opened by the antivirus.

An attacker can therefore create a ZIP archive containing a virus which is not detected by AVG.

vulnerability CVE-2008-6662

AVG AV: denial of service via UPX

Synthesis of the vulnerability

An attacker can create a malicious UPX binary in order to create a denial of service and possibly to execute code in AVG AV.
Impacted products: AVG AntiVirus.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: document.
Creation date: 10/12/2008.
Identifiers: BID-32749, CVE-2008-6662, IVIZ-08-014, VIGILANCE-VUL-8320.

Description of the vulnerability

An attacker can create a malicious UPX binary in order to create a denial of service and possibly to execute code in AVG AV.

This vulnerability may only impact Linux versions of the antivirus.

computer vulnerability note CVE-2008-3373

AVG Anti-Virus: denial of service via UPX

Synthesis of the vulnerability

A remote attacker can generate a malicious UPX file, in order to create a denial of service during analysis.
Impacted products: AVG AntiVirus.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: document.
Creation date: 29/07/2008.
Identifiers: BID-30417, CVE-2008-3373, n.runs-SA-2008.004, VIGILANCE-VUL-7979.

Description of the vulnerability

Programs can be packed in order to shrink their size and make their analysis more complex. AVG Anti-Virus supports the UPX packer (Ultimate Packer for eXecutables).

A program packed with UPX can cause a division by zero in AVG Anti-Virus.

A remote attacker can therefore send a packed program in order to generate a denial of service.

computer vulnerability bulletin CVE-2007-3777

AVG: memory corruption via avg7core.sys

Synthesis of the vulnerability

A local attacker can generate an overflow in avg7core.sys in order to corrupt memory.
Impacted products: AVG AntiVirus.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user account.
Creation date: 11/07/2007.
Identifiers: BID-24870, CVE-2007-3777, NGS00500, VIGILANCE-VUL-6988.

Description of the vulnerability

The AVG antivirus installs the avg7core.sys driver.

One of the functions exposed by the 0x5348E004 ioctl does not check user-supplied data before copying it into memory. An attacker can thus use it to write data into system memory.

A local attacker can therefore generate a denial of service or execute code with system privileges.

vulnerability bulletin CVE-2006-5937 CVE-2006-5938 CVE-2006-5939

AVG: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of AVG antivirus permit a remote attacker to generate a denial of service or to execute code.
Impacted products: AVG AntiVirus.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 13/11/2006.
Identifiers: BID-21029, CVE-2006-5937, CVE-2006-5938, CVE-2006-5939, CVE-2006-5940, n.runs-SA-2006.002, VIGILANCE-VUL-6313.

Description of the vulnerability

The AVG antivirus has several vulnerabilities:
 - An attacker can generate an integer overflow via a .CAB file. [severity:3/4; CVE-2006-5937]
 - An attacker can generate a denial of service via a .CAB file (uninitialized variable). [severity:3/4; CVE-2006-5938]
 - An attacker can generate a denial of service via a .DOC file (division by zero). [severity:3/4; CVE-2006-5939]
 - An attacker can generate an integer overflow via a .RAR file. [severity:3/4; CVE-2006-5937]
 - An attacker can generate several integer overflows via a .EXE file. [severity:3/4; CVE-2006-5940]

These vulnerabilities thus permit a remote attacker to generate a denial of service or to execute code.

computer vulnerability 5835

Windows: creating unreachable files

Synthesis of the vulnerability

A local attacker can create a file on the system which is not detected or cleaned by some checking tools, such as antivirus.
Impacted products: Avast AV, F-PROT AV, AVG AntiVirus, Kaspersky AV, Windows 2000, Windows NT, Windows XP.
Severity: 1/4.
Consequences: disguisement.
Provenance: user shell.
Creation date: 11/05/2006.
Identifiers: BID-17934, VIGILANCE-VUL-5835.

Description of the vulnerability

The RtlDosPathNameToNtPathName_U() function converts a Unicode MS-DOS pathname to an NT pathname. It uses:
 - RtlGetFullPathName_Ustr(), if the path has to be converted
 - RtlpWin32NTNameToNtPathName_U(), if the path is already in NT format

However, the two functions handle spaces located at the end of paths differently:
 - the first one strips them
 - the second one keeps them
Thus, the "\\?\C:\test " NT filename cannot be accessed using the "C:\test " MS-DOS path.

For example, an antivirus using the MS-DOS filename format cannot detect or disinfect viruses located in these files.