CVE-2015-2032 – AVAST 2015 Multiple Products Privilege Escalation

CVE: CVE-2015-2032
Vendor: Avast
Product: Multiple Products
Reported by: Kyriakos Economou (@kyREcon)

Advisory
A design error in one of the hooks in the self-defense module of multiple Avast 2015 products for Windows may allow a local attacker to elevate his privileges and execute code as SYSTEM.

Vulnerable Products
Avast Pro Antivirus v2015.10.0.2208
Avast Internet Security v2015.10.0.2208
Avast Premier v2015.10.0.2208

All Rights R3v3rs3d