CVE-2024-7228: CWE-59: Improper Link Resolution Before File Access ('Link Following') in Avast Free Antivirus
Description
Avast Free Antivirus Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Service. By creating a symbolic link, an attacker can abuse the service to create a folder. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-22806.
Technical Details
- Data Version: 5.1
- Assigner Short Name: zdi
- Date Reserved: 2024-07-29T20:22:57.091Z
- Cvss Version: 3.0
- State: PUBLISHED
Threat ID: 699f6c10b7ef31ef0b55f90e
Added to database: 2/25/2026, 9:39:28 PM
Last updated: 2/25/2026, 9:39:34 PM