CVE-2006-1355 in Avast! Antivirusinfo

Summary

by MITRE

avast! Antivirus 4.6.763 and earlier sets "BUILTIN\Everyone" permissions to critical system files in the installation folder, which allows local users to gain privileges or disable protection by modifying those files.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 04/21/2018

The vulnerability described in CVE-2006-1355 represents a critical access control flaw in avast! Antivirus version 4.6.763 and earlier installations. This issue stems from the software's installation process where it grants excessive permissions to the BUILTIN\Everyone group for essential system files within its installation directory. The vulnerability specifically targets the fundamental security principle of least privilege by allowing any local user to manipulate critical antivirus components. This misconfiguration creates a persistent security weakness that undermines the protective capabilities of the antivirus software itself.

The technical implementation of this flaw involves the Windows file system permission model where avast! Antivirus incorrectly configures access control lists for its core files. When the software installs with permissions set to BUILTIN\Everyone, it essentially provides read, write, and execute access to all local users on critical system components. This configuration violates standard security practices and creates a privilege escalation vector that attackers can exploit to modify or replace essential antivirus binaries. The vulnerability is particularly concerning because it affects files that are fundamental to the antivirus engine's operation and protection mechanisms.

The operational impact of this vulnerability extends beyond simple privilege escalation to encompass complete system compromise potential. Local users who exploit this weakness can modify or delete critical antivirus files, effectively disabling the protection mechanisms that the software is designed to provide. This creates a scenario where an attacker with local access can undermine the security posture of an entire system by simply modifying the antivirus installation. The vulnerability also enables attackers to potentially inject malicious code into the antivirus components, creating a persistent backdoor that operates beneath the protection layer that users expect from their antivirus software.

This vulnerability aligns with CWE-276, which addresses incorrect permissions for critical resources, and represents a classic example of improper access control in security software. From an adversarial perspective, this issue maps to multiple ATT&CK techniques including privilege escalation through file permission modification and persistence mechanisms. The flaw demonstrates how security software can inadvertently create attack vectors that undermine its own protective capabilities, creating a paradoxical situation where the tool meant to secure a system becomes a pathway for compromise.

The recommended mitigations for this vulnerability involve immediate patching of the avast! Antivirus software to version 4.6.764 or later, which contains the corrected permission settings. System administrators should also conduct thorough permission audits of antivirus installations to ensure that no other security software exhibits similar misconfigurations. Additionally, implementing proper access control policies and regular security assessments can help identify and remediate similar issues in other security tools. Organizations should consider implementing monitoring solutions to detect unauthorized modifications to critical system files and establish baseline configurations that prevent such permission misconfigurations from occurring in the first place.

Reservation

03/21/2006

Disclosure

03/21/2006

Moderation

accepted

Entry

VDB-2092

CPE

ready

EPSS

0.00388

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!