Avira Internet Security System Speedup Insecure Deserialization
Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privileges, deserializes data from a file located under C:\ProgramData using the .NET BinaryFormatter, with no input validation and no deserialization safeguards (such as a restrictive SerializationBinder). Because a local user can create or modify that file in default configurations, an attacker can place a crafted serialized payload there; the privileged process deserializes it, resulting in arbitrary code execution as SYSTEM.
Description: CWE-502 Deserialization of Untrusted Data
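The defective pattern this record describes, placed beside a hardened replacement, as an added illustration that is not Avira's code: the OptimizerState type, the exact file path under C:\ProgramData, and the helper names are assumptions. The hardened loader refuses files (or parent directories) whose DACL grants write access to unprivileged principals, and it parses a data-only format into a fixed DTO instead of letting the file name the types to instantiate.

```csharp
using System;
using System.IO;
using System.Runtime.Serialization.Formatters.Binary;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Text.Json;

// Hypothetical state record; not the product's real type.
public sealed class OptimizerState
{
    public DateTime LastRun { get; set; }
    public string[] PathsToClean { get; set; } = Array.Empty<string>();
}

public static class StateLoader
{
    // Assumed location; the advisory only states the file lives under C:\ProgramData.
    const string StatePath = @"C:\ProgramData\ExampleOptimizer\state.bin";

    // VULNERABLE PATTERN (CWE-502): a SYSTEM process feeds a user-writable file to
    // BinaryFormatter. The serialized stream names the types to construct, so whoever
    // can write the file chooses what the privileged process instantiates.
    public static OptimizerState LoadUnsafe()
    {
        using var fs = File.OpenRead(StatePath);
#pragma warning disable SYSLIB0011 // BinaryFormatter is obsolete; .NET 8+ throws unless explicitly re-enabled
        var bf = new BinaryFormatter();
        return (OptimizerState)bf.Deserialize(fs);
#pragma warning restore SYSLIB0011
    }

    // HARDENED PATTERN: (1) refuse to read a file that unprivileged users could have
    // created or modified, checking the parent directory as well as the file, and
    // (2) use a data-only serializer bound to a fixed DTO, so no type names come from
    // the input. (3) Validate the fields the privileged code will act on.
    public static OptimizerState LoadSafe()
    {
        string dir = Path.GetDirectoryName(StatePath)!;
        if (IsWritableByUnprivileged(dir) || IsWritableByUnprivileged(StatePath))
            throw new UnauthorizedAccessException(
                $"{StatePath} or its directory is writable by unprivileged users; refusing to load.");

        string json = File.ReadAllText(StatePath);
        var state = JsonSerializer.Deserialize<OptimizerState>(json)
                    ?? throw new InvalidDataException("empty or null state file");

        foreach (var p in state.PathsToClean)
            if (!Path.IsPathFullyQualified(p))
                throw new InvalidDataException($"non-absolute path in state file: {p}");
        return state;
    }

    // Inspect the DACL: any Allow ACE granting write-class rights to BUILTIN\Users,
    // Authenticated Users or Everyone means the object is under user control.
    static bool IsWritableByUnprivileged(string path)
    {
        var untrusted = new[]
        {
            new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null),
            new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null),
            new SecurityIdentifier(WellKnownSidType.WorldSid, null),
        };
        const FileSystemRights writeClass =
            FileSystemRights.Write | FileSystemRights.WriteData | FileSystemRights.AppendData |
            FileSystemRights.Delete | FileSystemRights.Modify | FileSystemRights.FullControl |
            FileSystemRights.ChangePermissions | FileSystemRights.TakeOwnership;

        FileSystemSecurity acl = Directory.Exists(path)
            ? new DirectoryInfo(path).GetAccessControl()
            : new FileInfo(path).GetAccessControl();

        foreach (FileSystemAccessRule rule in acl.GetAccessRules(true, true, typeof(SecurityIdentifier)))
        {
            if (rule.AccessControlType != AccessControlType.Allow) continue;
            if ((rule.FileSystemRights & writeClass) == 0) continue;
            if (Array.Exists(untrusted, sid => sid.Equals(rule.IdentityReference))) return true;
        }
        return false;
    }
}
```

The ACL check is a runtime backstop, not the primary fix: the durable remedy is for the installer to create the state directory with a DACL that grants write access only to SYSTEM and Administrators, and to drop BinaryFormatter entirely, since Microsoft documents that it cannot be made safe against untrusted input and has disabled it by default from .NET 8 onward. Checking the directory matters because a user who can delete or rename entries in it can replace a correctly permissioned file with one they control.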
Metrics
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Other Info
Impacts
CAPEC ID: N/A
Description: A local user can influence a privileged System Speedup process to deserialize untrusted data, potentially achieving privilege escalation to SYSTEM.
CAPEC ID: N/A
Description: Untrusted serialized input may lead to execution of arbitrary code in the security context of the privileged optimizer component.
Solutions
Upgrade Avira Internet Security for Windows to version 1.1.114.3113 or later. Apply updates through the product's built-in updater or a fresh install from the vendor; see the release-notes reference in this record for current supported versions.