Exploitation of AVG Internet Security via COM Hijacking
This article details a method of exploiting AVG Internet Security by using COM hijacking to gain elevated privileges. The researchers identified a vulnerability that allowed them to bypass an allow-listing mechanism by placing a malicious DLL in a writable system directory. They reverse-engineered the product’s RPC communication to disable self-protection features and trigger an update mechanism, ultimately using a combination of junctions and OpLocks to load an unsigned DLL. This successful exploitation highlights significant security flaws in AVG’s architecture and demonstrates the risks of trusting frontend processes to initiate privileged actions. Future posts will explore additional vulnerabilities related to COM hijacking.
