Zero-Day Advisory
Fortinet Discovers AVG Self-Protection Bypass Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered Security Bypass vulnerability in AVG.
When performing AV's update, AVG is reading some legacy registry entries that could lead to AVG file path hijacking, which could in turn allow adversaries to disable AV auto-update.
Solutions
Users should apply the solution provided by AVG.
Additional Information
Following products and versions are affected.
AVG Free Edition 16.101.7752 and below
Acknowledgement
This vulnerability was discovered by Wayne Low of Fortinet's FortiGuard Labs.