| TVN ID | TVN-202604011 |
|---|---|
| CVE ID | CVE-2026-7279, CVE-2026-7280 |
| CVSS | 【CVE-2026-7279】 7.8 (High) CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 【CVE-2026-7280】 6.7 (Medium) CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| Affected Products | AVACAST(Windows) version 5.10.10.43 and earlier |
| Description | 【CVE-2026-7279(DLL Hijacking)】 Authenticated local attackers to place a malicious DLL in a specific directory, resulting in arbitrary code execution with system privileges when the system loads the DLL. 【CVE-2026-7280(Unquoted Service Path)】 Privileged local attackers to place a malicious executable file in a specific directory, resulting in arbitrary code execution with system privileges when the AVACAST service starts. |
| Solution | Update to version 5.10.10.45 or later. |
| Credit | Kazuma Matsumoto(GMO Cybersecurity by IERAE, Inc.) |
| Public Date | 2026-04-28 |
:::