CVE-2024-7236: 
AVG Antivirus vulnerability analysis and mitigation

AVG AntiVirus Free icarus contains a vulnerability (CVE-2024-7236) that allows local attackers to create a denial-of-service condition on affected installations. The vulnerability was discovered in the AVG Installer component and was disclosed on November 22, 2024. The affected software version is AVG AntiVirus Free 23.12.8700.812 (NVD, ZDI Advisory).

The vulnerability exists within the AVG Installer component. The specific flaw allows attackers to abuse the update functionality by creating a symbolic link to create a file. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The weakness has been classified as CWE-59: Improper Link Resolution Before File Access ('Link Following') (NVD, ZDI Advisory).

When successfully exploited, this vulnerability can lead to a persistent denial-of-service condition on the affected system. The impact is primarily focused on system availability, with no direct impact on confidentiality or integrity (ZDI Advisory).

The vulnerability was fixed in February 2024 Firmware Version 24.Xx. Users are advised to update to the latest version of AVG AntiVirus Free to mitigate this vulnerability (ZDI Advisory).