CVE-2024-7237 is a local privilege escalation vulnerability identified in AVG AntiVirus Free, specifically version 23.12.8700.813. The vulnerability stems from improper link resolution before file access, classified under CWE-59 ('Improper Link Resolution Before File Access'). The AVG service (AVGSvc) improperly handles symbolic links created by a local attacker. By crafting a symbolic link, the attacker can trick the service into deleting arbitrary folders, which leads to privilege escalation. The attacker must first have the ability to execute code with low privileges on the target system, such as through another vulnerability or local access. Once exploited, the attacker can execute arbitrary code in the context of the SYSTEM account, effectively gaining full control over the affected machine. The vulnerability has a CVSS 3.0 score of 7.8, indicating high severity, with attack vector local, low attack complexity, low privileges required, no user interaction, and impacts on confidentiality, integrity, and availability. No patches or exploits in the wild have been reported at the time of publication, but the flaw represents a significant risk due to the high privileges attainable by attackers. This vulnerability was reported by the Zero Day Initiative (ZDI) as ZDI-CAN-22960 and is currently published and tracked in the CVE database.

The impact of CVE-2024-7237 is significant for organizations running the affected AVG AntiVirus Free version. Successful exploitation allows a local attacker to escalate privileges from a low-privileged user to SYSTEM level, granting full administrative control over the system. This can lead to unauthorized access to sensitive data, modification or deletion of critical files, installation of persistent malware, and disruption of system availability. The ability to execute arbitrary code as SYSTEM undermines the security posture of the endpoint, potentially enabling lateral movement within networks and further compromise of organizational assets. Since AVG AntiVirus Free is widely used on Windows endpoints, especially in consumer and small business environments, the vulnerability poses a risk to a broad user base. Organizations relying on AVG for endpoint protection may face increased risk if attackers chain this vulnerability with other local exploits or social engineering attacks to gain initial code execution. The lack of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, as public disclosure may prompt attackers to develop exploits rapidly.

To mitigate CVE-2024-7237, organizations should first verify if they are running the affected AVG AntiVirus Free version 23.12.8700.813. Since no official patch is currently available, immediate mitigation steps include: 1) Restrict local user permissions to prevent untrusted users from executing code or creating symbolic links on systems running AVG. 2) Employ application whitelisting and endpoint detection to monitor and block suspicious symbolic link creation or deletion activities related to the AVG service. 3) Use Windows security features such as Controlled Folder Access and enhanced auditing to detect and prevent unauthorized file system changes. 4) Isolate critical systems and limit local administrative access to reduce the attack surface. 5) Monitor vendor communications closely for patches or updates addressing this vulnerability and apply them promptly once released. 6) Consider temporarily disabling or uninstalling AVG AntiVirus Free on systems where local privilege escalation risk is unacceptable until a fix is available. 7) Educate users about the risks of running untrusted code locally, as initial low-privileged code execution is a prerequisite for exploitation.