GCVE - cpe:2.3:a:avast:premium_security:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:avast:premium_security:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Avast (`4c8df0f0-33ca-51f5-97dc-96fe6233c2d2`)
Product	Premium Security (`9ce9a904-0f19-591b-b8b0-904de4394949`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-42125`	vulnerable	2026-06-03 14:52:53.101178	Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability HIGH (7.8) Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of the sandbox feature. By creating a symbolic link, an attacker can abuse the service to create arbitrary namespace objects. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. . Was ZDI-CAN-20383. Published: 2024-05-03T02:13:31.242Z Updated: 2024-09-20T19:07:41.026Z Open on db.gcve.eu Reference links https://www.zerodayinitiative.com/advisories/ZDI-23-1475/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-42124`	vulnerable	2026-06-03 14:52:53.100043	Avast Premium Security Sandbox Protection Incorrect Authorization Privilege Escalation Vulnerability MEDIUM (5.3) Avast Premium Security Sandbox Protection Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of the sandbox feature. The issue results from incorrect authorization. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code outside the sandbox at medium integrity. . Was ZDI-CAN-20178. Published: 2024-05-03T02:13:30.533Z Updated: 2024-09-18T18:30:13.039Z Open on db.gcve.eu Reference links https://www.zerodayinitiative.com/advisories/ZDI-23-1474/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-28965`	vulnerable	2026-06-03 14:46:56.318986	Details available Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Premium Security before v21.11.2500 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted DLL file. Published: 2022-05-20T01:13:39.000Z Updated: 2024-08-03T06:10:58.625Z Open on db.gcve.eu Reference links https://github.com/netero1010/Vulnerability-Disclosure/tree/main/CVE-2022-AVAST2 https://forum.avast.com/index.php?topic=318305.0	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-28964`	vulnerable	2026-06-03 14:46:56.318567	Details available An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 (build 21.11.6809.528) allows attackers to cause a Denial of Service (DoS) via a crafted DLL file. Published: 2022-05-20T01:13:35.000Z Updated: 2024-08-03T06:10:57.768Z Open on db.gcve.eu Reference links https://github.com/netero1010/Vulnerability-Disclosure/tree/main/CVE-2022-AVAST1 https://forum.avast.com/index.php?topic=317641.0	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-27241`	vulnerable	2026-06-03 14:44:09.795686	Details available MEDIUM (6.1) This vulnerability allows local attackers to delete arbitrary directories on affected installations of Avast Premium Security 20.8.2429 (Build 20.8.5653.561). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AvastSvc.exe module. By creating a directory junction, an attacker can abuse the service to delete a directory. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-12082. Published: 2021-03-29T21:05:31.000Z Updated: 2024-08-03T20:48:15.888Z Open on db.gcve.eu Reference links https://www.zerodayinitiative.com/advisories/ZDI-21-208/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.