Description
AVAST Antivirus 25.11 contains an unquoted service path vulnerability in the SecureLine service that allows local non-privileged users to execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that execute with high-level system permissions.
Problem types
Unquoted Search Path or Element
Product status
Credits
Milad Karimi (Ex3ptionaL)
References
www.exploit-db.com/exploits/52510 (ExploitDB-52510)
www.avast.com/ (Official Product Homepage)
www.vulncheck.com/...uoted-service-path-privilege-escalation (VulnCheck Advisory: AVAST Antivirus 25.11 Unquoted Service Path Privilege Escalation)