CVE-2024-7234 is a vulnerability identified in AVG AntiVirus Free version 23.9.8494.795, classified under CWE-59 (Improper Link Resolution Before File Access, also known as 'Link Following'). The flaw exists in the AVG Service component, which improperly handles symbolic links created by a local attacker. By crafting a symbolic link, an attacker who already has the ability to execute code with low privileges on the affected system can trick the AVG service into deleting arbitrary files. This improper link resolution allows the attacker to escalate privileges from a low-privileged user to SYSTEM, the highest privilege level on Windows systems. The vulnerability does not require user interaction but does require prior local code execution. The CVSS v3.0 score of 7.8 indicates a high severity with significant impact on confidentiality, integrity, and availability. The vulnerability was reserved in July 2024 and published in November 2024, with no known exploits in the wild reported so far. The root cause is the service's failure to securely handle symbolic links, enabling an attacker to manipulate file operations to their advantage. This type of vulnerability is particularly dangerous because it leverages a common feature of Windows file systems (symbolic links) to bypass security controls and elevate privileges.

The primary impact of CVE-2024-7234 is local privilege escalation, allowing an attacker with limited access to gain SYSTEM-level privileges. This can lead to full system compromise, including the ability to install persistent malware, disable security controls, access sensitive data, and disrupt system availability. Because the vulnerability affects a widely used antivirus product, exploitation could undermine endpoint security defenses, increasing the risk of further attacks. Organizations relying on AVG AntiVirus Free on Windows desktops and servers may face increased risk of insider threats or attacks from malware that gains initial foothold with low privileges. The vulnerability affects confidentiality, integrity, and availability, as attackers can manipulate system files and execute arbitrary code at the highest privilege level. Although no exploits are currently known in the wild, the ease of exploitation once local code execution is obtained makes this a significant risk, especially in environments where users have the ability to run untrusted code or where attackers have gained limited access through other means.

1. Immediately update AVG AntiVirus Free to a patched version once available from the vendor to remediate the vulnerability. 2. Until a patch is released, restrict local user permissions to prevent untrusted users from executing code or creating symbolic links in directories monitored by the AVG service. 3. Employ application whitelisting and endpoint detection and response (EDR) tools to detect suspicious symbolic link creation or file deletion activities. 4. Harden system configurations by limiting the ability to create symbolic links to trusted administrators only, using Group Policy or security settings. 5. Monitor system and security logs for unusual file system activities related to the AVG service or symbolic link usage. 6. Educate users about the risks of running untrusted code locally, as initial low-privileged code execution is required for exploitation. 7. Consider deploying additional layered security controls such as sandboxing or privilege separation to reduce the impact of local code execution. 8. Regularly audit installed software versions and promptly apply security updates to minimize exposure to known vulnerabilities.