CVE-2024-7234: 
AVG Antivirus vulnerability analysis and mitigation

A local privilege escalation vulnerability (CVE-2024-7234) was discovered in AVG AntiVirus Free that affects the AVG Service component. The vulnerability was reported to the vendor on November 1, 2023, and was publicly disclosed on July 29, 2024. This security flaw impacts installations of AVG AntiVirus Free version 23.9.8494.795 (NVD, ZDI Advisory).

The vulnerability exists within the AVG Service component and is classified as an Improper Link Resolution Before File Access (Link Following) vulnerability (CWE-59). It has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The flaw allows an attacker to abuse the service by creating a symbolic link that can be exploited to delete files (ZDI Advisory).

If successfully exploited, this vulnerability allows an attacker to escalate privileges and execute arbitrary code in the context of SYSTEM on the affected system. This means an attacker could gain complete control over the compromised system with the highest possible privileges (ZDI Advisory).

The vulnerability has been fixed in the February 2024 Firmware Version 24.Xx release. Users are advised to update to this version or later to protect against this vulnerability (ZDI Advisory).