What is CVE-2017-8307?

CVE-2017-8307 is a critical-severity vulnerability in Avast Antivirus. CVSS score: 9.8/10. Published 2017-04-27.

How severe is CVE-2017-8307?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Vulnerability in Avast Antivirus

CVE-2017-8307

In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows service, it is possible to launch predefined binaries, or replace or delete arbitrary files. This vulnerability is exploitable by any unprivileg…

EPSS: 0.018 (75.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Avast Antivirus
N/a — versions n/a

References

cve@mitre.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
cve@mitre.org (Technical Description, Exploit, Third Party Advisory, x_refsource_MISC)

Frequently asked questions

What is CVE-2017-8307?: CVE-2017-8307 is a critical-severity vulnerability in Avast Antivirus. CVSS score: 9.8/10. Published 2017-04-27.
How severe is CVE-2017-8307?: Critical severity. CVSS v3 base score is 9.8 out of 10.