CVE-2020-10865

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
01/04/2020
Last modified:
02/04/2020

Description

An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to make arbitrary changes to the Components section of the Stats.ini file via RPC from a Low Integrity process.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:avast:antivirus:*:*:*:*:*:*:*:* 20.0 (excluding)
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*