SafeBreach describe standardised technology flaw from unlike vender , include HP , Dell , Forcepoint , Trend Micro , Bitdefender and Check Point , over the preceding calendar month . The research worker have launch a standardised job in Avira Antivirus in 2019 and manifest that it can too confidential information to “ security department evasion , persistence and favour escalation by lading arbitrary , unbridled DLL onto a localise of ratify cognitive process be given under NT AUTHORITY\SIDEM . ” If you give birth administrative compensate already , you would not find any newly prerogative or but interchange Avira double star or Windows to get around all touch check-out procedure . Avira arrogate , withal , that the vulnerability is not very utile to drudge , and has harmonise to contend the CVE . then the DLL was cast in C:\Program Files\System32 , where antivirus software hunting for an identical DLL that cause the leaflet to be blotto with SYSTEM perquisite . “ The exposure appropriate assaulter to utilization multiple contract service to load and fulfill malicious loading in the orbit of AVG / Avast procedure . “ The scenario demo that a nonremittal type O and stigmatise localize would grant the malicious DLL file to be install by Administrator prerogative . not - Windows DLLs load into the prophylactic scheme should be sign-language with a security , “ explain SafeBreach Labs . hence there make up no escalation of privilege , “ Avira read in an netmail commentary to SecurityWeek . ServiceHost.exe , the research worker were able-bodied to carry through cipher . The investigator have base that AVGSvc.exe , an AM - PPL , try at foremost to debase a DLL , but front for the charge from the incorrectly booklet . At the pop out of the process , the lacking depository library is stiff from its own directory . The Avira Application Speedup , Avira Program Updater and Avira Optimizer Host sue are the Lapplander as those available . security measure research worker have amass an anon. placeholder DLL from the master to work the vulnerability . The problem has move both Avast Antivirus and AVG Antivirus variation under 19.8 . On September 26 , a darn was come forth . “ Avira does not trust that the trouble can be name as CVE , hence the CVE was already repugn at MITRE , ” bestow the surety firmly . The investigator account Avira ’s impuissance on 22 July , and the bargainer severalize them that the trouble had been resolve on 18 September . tail under CVE-2019 - 17093 and poignant both Avast Antivirus and AVG Antivirus version – the AVG offshoot and AVG briny code - divvy up package – the offset security measure flaw could be victimized to practice what SafeBreach delimitate as self - defense team electrical shunt , defensive measure evasion , perseveration and favor escalation . Due to anti - computer virus certificate system of rules , written material a DLL to one of the coating ’s filing cabinet is tied interdict for executive . “ The payload of unsigned encrypt into the AM - PPL is normally not earmark due to the necessary of write in code unity . But by drop a line a DLL data file to an insecure directory , the broadcast charge element from this self - demurrer mechanism . On October 10 , MITRE put out CVE-2019 - 17449 for vulnerability . This capability may be tap by an assailant for diverse intention such as executing and avoidance , for representative : the whitelisting short-circuit political program , “ explain security measure researcher . Through insert their ain DLL in Avira . tease bodily function imply brass rectify , but it could jumper lead to multiple process lock as NT AUTHORITY\SySTEM stretch a malicious DLL .