The AVGUI.exe of AVG/Avast Antivirus before versions before 24.1 can allow a local attacker to escalate privileges via an COM hijack in a time-of-check to time-of-use (TOCTOU) when self protection is disabled.

Related CVEs

CVE-2024-5803

Key Information

GHSA ID

GHSA-ccfh-v7cp-3943

Published

October 3, 2024 3:30 PM

Last Modified

October 3, 2024 3:30 PM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: June 30, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.