CVE-2024-7237: 
AVG Antivirus vulnerability analysis and mitigation

A local privilege escalation vulnerability has been identified in AVG AntiVirus Free, tracked as CVE-2024-7237. The vulnerability was discovered and reported to the vendor on January 3, 2024, with public disclosure occurring on July 29, 2024. The vulnerability affects the AVG Service component of AVG AntiVirus Free and has been assigned a CVSS v3.1 score of 7.8 (High) (ZDI Advisory, NVD).

The vulnerability exists within the AVG Service component and involves a link following flaw (CWE-59). An attacker can exploit this vulnerability by creating a symbolic link that allows them to abuse the service to delete a folder. The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access requirements with low attack complexity (ZDI Advisory).

Successful exploitation of this vulnerability allows an attacker to escalate privileges and execute arbitrary code in the context of SYSTEM, potentially gaining complete control over the affected system. This could lead to unauthorized access to sensitive data, system modifications, and potential compromise of the entire system (ZDI Advisory).

The vulnerability has been fixed in the February 2024 Firmware Version 24.Xx release. Users are advised to update their AVG AntiVirus Free installation to the latest version to protect against this vulnerability (ZDI Advisory).