CVE-2023-51636: 
Avira System Speedup vulnerability analysis and mitigation

Avira Prime contains a local privilege escalation vulnerability (CVE-2023-51636) that affects the Avira Spotlight Service. The vulnerability was discovered by Filip Dragovic and disclosed on May 17, 2024. This security flaw allows local attackers with low-privileged code execution capabilities to escalate privileges on affected installations of Avira Prime (Zero Day Initiative).

The vulnerability exists within the Avira Spotlight Service component. The specific flaw allows attackers to abuse the service by creating a symbolic link that can be used to delete files. The vulnerability has been assigned a CVSS v3.0 base score of 7.8 (HIGH) with the vector string: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is tracked as ZDI-CAN-21600 (Zero Day Initiative).

A successful exploit of this vulnerability allows an attacker to escalate privileges and execute arbitrary code in the context of SYSTEM. This means an attacker could gain complete control over the affected system, potentially leading to unauthorized access to sensitive data and system resources (Zero Day Initiative).

The vulnerability has been fixed in Speedup version 6.27.19. Users are advised to update to this version or later. The patch can be obtained from: https://public-beta.avira.com/download/speedup-windows/avirasystemspeedup.exe (Zero Day Initiative).