CVE-2024-7236 is a vulnerability identified in AVG AntiVirus Free version 23.12.8700.812, classified under CWE-59 (Improper Link Resolution Before File Access, also known as 'Link Following'). The vulnerability resides in the AVG Installer component, specifically in its update mechanism. An attacker with the ability to execute low-privileged code locally can create a symbolic link that the installer follows improperly during its update process. This improper link resolution allows the attacker to create arbitrary files on the system, which can be leveraged to induce a persistent denial-of-service (DoS) condition. The attack vector requires local access and low-level code execution privileges but does not require user interaction. The vulnerability does not impact confidentiality but affects system integrity and availability by enabling file creation that disrupts normal operation. The CVSS v3.0 score is 5.3 (medium severity), reflecting the need for local privileges and the high complexity of attack conditions. No public exploits have been reported yet, but the vulnerability was tracked as ZDI-CAN-22942 before public disclosure. The lack of patches at the time of disclosure means affected users must rely on mitigations until an update is released.

The primary impact of CVE-2024-7236 is the potential for a persistent denial-of-service condition on systems running the affected AVG AntiVirus Free version. By exploiting this vulnerability, an attacker can disrupt the antivirus update process or other system functions relying on the installer, potentially degrading endpoint security posture. This can lead to reduced system availability and increased risk exposure if antivirus updates fail or the system becomes unstable. Since exploitation requires local code execution with low privileges, the threat is most significant in environments where attackers have already gained limited access, such as through compromised user accounts or malware. The vulnerability does not expose sensitive data or allow privilege escalation directly but can be part of a multi-stage attack chain. Organizations relying heavily on AVG AntiVirus Free for endpoint protection may experience operational disruptions and increased risk of further compromise if this vulnerability is exploited.

1. Restrict local access: Limit the ability of untrusted users or processes to execute code on systems running AVG AntiVirus Free, especially on endpoints with sensitive data or critical functions. 2. Monitor and control symbolic link creation: Employ host-based intrusion detection or endpoint protection tools that can detect suspicious symbolic link creation or manipulation activities. 3. Apply principle of least privilege: Ensure users and applications operate with the minimum necessary privileges to reduce the risk of local code execution leading to exploitation. 4. Isolate update processes: Where possible, run antivirus update processes in restricted environments or sandboxes to prevent abuse of installer functionality. 5. Stay updated: Monitor AVG vendor advisories and apply patches or updates promptly once available to remediate the vulnerability. 6. Incident response readiness: Prepare to detect and respond to denial-of-service conditions related to antivirus failures, including fallback mechanisms for endpoint protection. 7. Employ application whitelisting and code integrity policies to prevent unauthorized code execution that could lead to exploitation.