
CVE-2024-7230: CWE-59: Improper Link Resolution Before File Access ('Link Following') in Avast Cleanup Premium

Severity: High
Type: Vulnerability
Tags: CVE-2024-7230, cve, cve-2024-7230, cwe-59
Published: Fri Nov 22 2024 (11/22/2024, 21:11:40 UTC)
Source: CVE Database V5
Vendor/Project: Avast
Product: Cleanup Premium

Description

CVE-2024-7230 is a high-severity local privilege escalation vulnerability in Avast Cleanup Premium version 23.4 (build 15592). It arises from improper link resolution before file access (CWE-59) in the Avast Cleanup Service. An attacker with low-privileged code execution can create a symbolic link to trick the service into deleting arbitrary files, enabling escalation to SYSTEM privileges. Exploitation requires local access and no user interaction, but no known exploits are currently in the wild. This vulnerability impacts confidentiality, integrity, and availability by allowing full system control. Organizations using Avast Cleanup Premium on Windows systems are at risk, especially where local user accounts are less restricted. Mitigation involves applying patches once available, restricting local user permissions, and monitoring for suspicious symbolic link creation. Countries with high Avast market penetration and significant Windows desktop usage, such as the United States, Germany, United Kingdom, and others, are most likely affected. The CVSS score of 7.

AI-Powered Analysis

Last updated: 02/26/2026, 03:30:58 UTC

Technical Analysis

CVE-2024-7230 is a local privilege escalation vulnerability identified in Avast Cleanup Premium version 23.4 (build 15592). The root cause is improper link resolution before file access (CWE-59) within the Avast Cleanup Service. Specifically, the service fails to securely handle symbolic links, allowing a local attacker who already has the ability to execute low-privileged code to create a symbolic link that points to a sensitive file. When the service processes this link, it inadvertently deletes or modifies files it should not, enabling the attacker to escalate privileges to SYSTEM level. This flaw leverages the service's higher privilege context to perform unauthorized file operations. Exploitation does not require user interaction but does require local access and some initial code execution capability at a low privilege level. The vulnerability was reported by the Zero Day Initiative (ZDI) and assigned CVE-2024-7230 with a CVSS v3.0 score of 7.8, indicating a high severity. No public exploits have been observed in the wild yet. The vulnerability affects confidentiality, integrity, and availability because an attacker gaining SYSTEM privileges can fully control the affected system, access sensitive data, and disrupt operations. The vulnerability is specific to Windows environments where Avast Cleanup Premium is installed and running. The absence of patches at the time of reporting means users must rely on interim mitigations until official updates are released.
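An added example, not Avast's code and not part of the original record: the CWE-59 fix pattern generalized to a POSIX-style cleanup routine in Python, which resolves every path component from an already-open parent directory with `O_NOFOLLOW` so that a planted link cannot redirect a privileged delete. The names `safe_delete` and `demo` and the `cache`/`protected` layout are constructed for illustration.

```python
import os
import tempfile

# Open directories only, and fail if the name itself is a symbolic link.
DIR_FLAGS = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW

def safe_delete(root, relative_path):
    """Delete root/relative_path; return False instead of following any link."""
    parts = [p for p in relative_path.replace("\\", "/").split("/") if p]
    if not parts or any(p in (".", "..") for p in parts):
        return False                      # no traversal out of the root
    try:
        dir_fd = os.open(root, DIR_FLAGS)
    except OSError:
        return False
    try:
        for name in parts[:-1]:
            # Resolve each component relative to the already-open parent, so a
            # directory swapped for a link after a check cannot redirect us.
            next_fd = os.open(name, DIR_FLAGS, dir_fd=dir_fd)
            os.close(dir_fd)
            dir_fd = next_fd
        # unlink() removes the entry itself; a link here loses only the link.
        os.unlink(parts[-1], dir_fd=dir_fd)
        return True
    except OSError:
        return False                      # link, missing entry, or a directory
    finally:
        os.close(dir_fd)

def demo():
    """Constructed layout: cache/redirect links to a directory outside cache."""
    base = tempfile.mkdtemp()
    cache = os.path.join(base, "cache")
    protected = os.path.join(base, "protected")
    os.makedirs(os.path.join(cache, "sub"))
    os.mkdir(protected)
    junk = os.path.join(cache, "sub", "junk.tmp")
    victim = os.path.join(protected, "important.cfg")
    for path in (junk, victim):
        open(path, "w").close()
    os.symlink(protected, os.path.join(cache, "redirect"))
    deleted = safe_delete(cache, "sub/junk.tmp")
    refused = not safe_delete(cache, "redirect/important.cfg")
    return deleted, refused, os.path.exists(victim), os.path.exists(junk)

if __name__ == "__main__":
    print(demo())
```

On Windows the analogous check is to open the path with `FILE_FLAG_OPEN_REPARSE_POINT` and refuse to operate on a handle whose attributes include `FILE_ATTRIBUTE_REPARSE_POINT`.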

Potential Impact

This vulnerability allows an attacker with limited local access to escalate privileges to SYSTEM, effectively gaining full control over the affected machine. The impact is severe as it compromises confidentiality, integrity, and availability of the system. Attackers can execute arbitrary code with the highest privileges, potentially installing persistent malware, stealing sensitive information, or disrupting system operations. Organizations relying on Avast Cleanup Premium in environments where users have local accounts with some execution capabilities are at risk. This can lead to lateral movement within networks, data breaches, and operational downtime. The vulnerability is particularly concerning in enterprise and government environments where privileged access controls are critical. Although no known exploits are currently in the wild, the existence of a reliable local privilege escalation path makes this a high-priority issue for defenders to address proactively.

Mitigation Recommendations

1. Apply official patches from Avast as soon as they are released to address this vulnerability directly.
2. Until patches are available, restrict local user permissions to prevent untrusted users from executing code or creating symbolic links.
3. Implement application whitelisting to limit execution of unauthorized binaries or scripts.
4. Monitor file system activity for suspicious symbolic link creation or deletion operations, especially targeting Avast Cleanup Service files.
5. Use endpoint detection and response (EDR) tools to detect anomalous behavior indicative of privilege escalation attempts.
6. Harden local accounts by enforcing least privilege principles and disabling unnecessary local accounts.
7. Educate users about the risks of running untrusted code locally.
8. Consider temporarily disabling or uninstalling Avast Cleanup Premium in high-risk environments until a patch is applied.
9. Review and tighten group policies related to symbolic link creation and file system permissions where possible.


Technical Details

Data Version: 5.1
Assigner Short Name: zdi
Date Reserved: 2024-07-29T20:23:50.921Z
CVSS Version: 3.0
State: PUBLISHED

Threat ID: 699f6c12b7ef31ef0b55f9a6

Added to database: 2/25/2026, 9:39:30 PM

Last enriched: 2/26/2026, 3:30:58 AM

Last updated: 2/26/2026, 6:13:20 AM
