The aswjsflt.dll library from Avast Antivirus windows contained a potentially exploitable heap corruption vulnerability that could enable an attacker to bypass the sandbox of the application it was loaded into, if applicable. This issue was fixed in version 18.0.1478 of the Script Shield Component.
Metrics
CVSS Version: 3.1 |
Base Score: 7.7 HIGH Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
l➤ Exploitability Metrics: Attack Vector (AV)* LOCAL Attack Complexity (AC)* HIGH Privileges Required (PR)* LOW User Interaction (UI)* NONE Scope (S)* CHANGED
l➤ Impact Metrics: Confidentiality Impact (C)* HIGH Integrity Impact (I)* HIGH Availability Impact (A)* LOW
Weakness Enumeration (CWE)
CWE-ID: CWE-119 CWE Name: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer Source: NortonLifelock
Common Attack Pattern Enumeration and Classification (CAPEC)