Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-12572

Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive information by dumping AvastUI.exe application memory and parsing the data.

Published

2019-03-21T16:00:14.187

Last Modified

2024-11-21T03:45:27.470

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
CWE-312

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	avast	free_antivirus	< 19.1.2360	Yes

References

http://packetstormsecurity.com/files/151590/Avast-Anti-Virus-Local-Credential-Disclosure.html Exploit, Third Party Advisory, VDB Entry ([email protected])
http://packetstormsecurity.com/files/151590/Avast-Anti-Virus-Local-Credential-Disclosure.html Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)