First published: Thu Apr 09 2020(Updated: )
An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. The Self-Protection feature does not prohibit a write operation from an external process. Thus, code injection can be used to turn off this feature. After that, one can construct an event that will modify a file at a specific location, and pass this event to the driver, thereby defeating the anti-virus functionality.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Avira Free Antivirus | <15.0.2004.1825 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue in Avira Free-Antivirus is CVE-2020-8961.
The severity of CVE-2020-8961 is critical, with a CVSS score of 9.8.
The affected software version for this vulnerability is Avira Free Antivirus version up to 15.0.2004.1825.
This vulnerability allows code injection, which can be used to disable the Self-Protection feature and modify files on the system.
Yes, a fix is available. Please refer to the Avira support website for more information.