CVE-2024-6510

Published: Sep 12, 2024Modified: Oct 2, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to SYSTEM via COM-Hijacking.

Affected (1)

Products: Avg: Internet Security

Avg

1 product

Internet Security

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Avg Internet Security	Before 24.1

Related CWEs

CWE-427

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

CWE-749

Exposed Dangerous Method or Function

The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

References (1)

https://www.cirosec.de/sa/sa-2023-008

Source: a341c0d1-ebf7-493f-a84e-38cf86618674

Third Party Advisory

Timeline

No history available yet.