Vulnerability in Avast Free_antivirus

CVE-2018-12572

Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive information by dumping AvastUI.exe application memory and parsing the data.

EPSS: 0.003 (23.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

References

  • cve@mitre.org (Exploit, VDB Entry, Third Party Advisory, x_refsource_MISC)

Frequently asked questions

What is CVE-2018-12572?
CVE-2018-12572 is a high-severity vulnerability in Avast Free_antivirus, classified under Cleartext Storage of Sensitive Information. CVSS score: 7.8/10. Published 2019-03-21.
How severe is CVE-2018-12572?
High severity. CVSS v3 base score is 7.8 out of 10.