CVE-2024-7229: CWE-59: Improper Link Resolution Before File Access ('Link Following') in Avast Cleanup Premium
Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Cleanup Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22892.
CVE-2024-7229: CWE-59: Improper Link Resolution Before File Access ('Link Following') in Avast Cleanup Premium
Description
Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Cleanup Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22892.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- zdi
- Date Reserved
- 2024-07-29T20:23:13.968Z
- Cvss Version
- 3.0
- State
- PUBLISHED
Threat ID: 699f6c10b7ef31ef0b55f911
Added to database: 2/25/2026, 9:39:28 PM
Last updated: 2/25/2026, 9:39:31 PM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2024-7250: CWE-59: Improper Link Resolution Before File Access ('Link Following') in Comodo Internet Security Pro
HighCVE-2024-7249: CWE-59: Improper Link Resolution Before File Access ('Link Following') in Comodo Firewall
HighCVE-2024-7248: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Comodo Internet Security Pro
HighCVE-2024-7247: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in bdthemes Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
MediumCVE-2024-7245: CWE-732: Incorrect Permission Assignment for Critical Resource in Panda Security Dome
HighActions
External Links
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.