CVE-2020-10865

EUVD-2020-3271
An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to make arbitrary changes to the Components section of the Stats.ini file via RPC from a Low Integrity process.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
Affected Products (NVD)
VendorProductVersion
avastantivirus
𝑥
< 20.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://forum.avast.com/index.php?topic=232420.0
https://forum.avast.com/index.php?topic=232423.0
https://github.com/umarfarook882/Avast_Multiple_Vulnerability_Disclosure/blob/master/README.md
https://forum.avast.com/index.php?topic=232420.0
https://forum.avast.com/index.php?topic=232423.0
https://github.com/umarfarook882/Avast_Multiple_Vulnerability_Disclosure/blob/master/README.md