Tracked as CVE-2019-17093 and affecting both Avast Antivirus and AVG Antivirus versions (AVG is a subsidiary and its software shares the main code), the first security flaw could be exploited to achieve what SafeBreach describes as self-defense bypass, defense evasion, persistence and privilege escalation. Exploiting the bug requires administrator rights, but it could lead to multiple processes running as NT AUTHORITY\SYSTEM loading a malicious DLL. The researchers found that AVGSvc.exe, an AM-PPL, first tries to load a DLL, but looks for the file in the wrong folder. Because of the antivirus's self-protection mechanism, writing a DLL alongside the application's files is prohibited even for administrators. But by writing a DLL file to an unprotected directory from which the program loads components, this self-defense mechanism can be bypassed.

"Loading unsigned code into the AM-PPL is usually not allowed because of the code integrity requirement. Non-Windows DLLs loaded into the protected process should be signed with a certificate," explained SafeBreach Labs. The security researchers compiled an unsigned proxy DLL from the original to exploit the vulnerability. The DLL was then placed in C:\Program Files\System32, where the antivirus software searches for a DLL of the same name, causing it to be loaded from that folder with SYSTEM privileges.

"The vulnerability lets attackers use multiple signed services to load and execute malicious payloads in the context of AVG/Avast processes. This capability may be abused by an attacker for various purposes such as execution and evasion, for example: application whitelisting bypass," explained the security researchers. The problem affected both Avast Antivirus and AVG Antivirus versions below 19.8. A patch was released on September 26.
The researchers found a similar problem in Avira Antivirus in 2019 and showed that it too can lead to "defense evasion, persistence and privilege escalation by loading an arbitrary, unsigned DLL into a number of signed processes running as NT AUTHORITY\SYSTEM." When the process starts, the missing library is loaded from its own directory. By inserting their own DLL into Avira.ServiceHost.exe, the researchers were able to execute code. The same is true of the Avira Application Speedup, Avira Program Updater and Avira Optimizer Host processes.

The researchers reported the flaw to Avira on 22 July, and the vendor told them that the problem had been resolved on 18 September. On October 10, MITRE issued CVE-2019-17449 for the vulnerability. Avira claims, however, that the vulnerability is not actually useful to hackers, and has moved to dispute the CVE.

"The scenario shows that a default OS and product setup would allow the malicious DLL file to be placed with Administrator privileges. If you already have administrative rights, you would not gain any new privileges, or you could simply replace Avira binaries or Windows binaries to bypass all signature checks. Hence there is no escalation of privileges," Avira said in an emailed comment to SecurityWeek. "Avira does not believe that the issue can be classified as a CVE, therefore the CVE has already been disputed at MITRE," added the security firm.

Over the past month, SafeBreach has reported similar flaws in products from other vendors, including HP, Dell, Forcepoint, Trend Micro, Bitdefender and Check Point.