7.8
CVE-2026-27749
- EPSS 0.32%
- Veröffentlicht 05.03.2026 14:15:35
- Zuletzt bearbeitet 01.04.2026 15:22:35
- Quelle security@nortonlifelock.com
- CVE-Watchlists
- Unerledigt
Avira Internet Security System Speedup Insecure Deserialization
Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privileges, deserializes data from a file located in C:\\ProgramData using .NET BinaryFormatter without implementing input validation or deserialization safeguards. Because the file can be created or modified by a local user in default configurations, an attacker can supply a crafted serialized payload that is deserialized by the privileged process, resulting in arbitrary code execution as SYSTEM.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Avira ≫ Internet Security SwPlatformwindows Version < 1.1.114.3113
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.32% | 0.238 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@nortonlifelock.com | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://www.gendigital.com/us/en/contact-us/security-advisories/
https://support.avira.com/hc/en-us/articles/360010656158-Current-Avira-versions
https://www.avira.com/en/internet-security