CVE-2022-28964: 
Avast Premium Security vulnerability analysis and mitigation

An arbitrary file write vulnerability was discovered in Avast Premium Security before version 21.11.2500 (build 21.11.6809.528). The vulnerability was identified in the AvastSvc.exe component, which creates a directory under the C drive with 'Modify' privileges for 'Authenticated Users' when malware threat detection is triggered (GitHub Disclosure).

The vulnerability occurs when AvastSvc.exe creates a directory under the C drive and a .db file during malware threat detection. Due to improper permission settings, the directory is assigned with 'Modify' privileges for 'Authenticated Users', allowing any unprivileged users to modify or write to this Avast-controlled directory. An unprivileged user can exploit this by creating a symbolic link to a privileged location such as C:\Windows\System32 or C:\Program Files\Avast Software\Avast (GitHub Disclosure).

The vulnerability enables unprivileged users to terminate the Avast antivirus service and cause a Denial of Service (DoS) to the affected system via a crafted DLL file (NVD, GitHub Disclosure).

The vulnerability has been patched in Avast Premium Security version 22.1. Users are advised to update their Avast Premium Security to the latest version to mitigate this vulnerability (GitHub Disclosure).

The vulnerability was responsibly disclosed to Avast on January 19, 2022. Avast provided an initial response on January 22, 2022, and confirmed the vulnerability on February 11, 2022, when they released a patch for the product (GitHub Disclosure).