From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Name: (0Day) Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability 2. CVE ID: CVE-2024-7227 3. CVSS Score: 7.8 4. Affected Vendor: Avast 5. Affected Product: Free Antivirus 6. Vulnerability Details: - This vulnerability allows a local attacker to escalate privileges on an affected Avast Free Antivirus installation. - The attacker must first gain the ability to execute low-privilege code on the target system. - The vulnerability resides in the Avast Service; by creating symbolic links, an attacker can abuse the service to delete files. - Attackers can exploit this vulnerability to escalate privileges and execute arbitrary code in the SYSTEM context. 7. Additional Details: - On October 19, 2023, ZDI reported the vulnerability to Avast’s Security Reports team. - On February 12 and February 23, 2024, ZDI requested updates. - On March 15, 2024, ZDI notified the vendor that, due to lack of response, a 0-day announcement would be published on March 27, 2024. - On April 25, 2024, a member of Gen Digital’s team stated that all security issues should be submitted through the third-party vulnerability disclosure program. - On May 16, 2024, ZDI resubmitted the vulnerability to the third-party vulnerability disclosure program. - On June 19, 2024, ZDI again requested an update. - On July 26, 2024, ZDI notified the vendor that, due to no response, a 0-day announcement would be published on July 29, 2024. 8. Mitigation: Due to the nature of the vulnerability, the only mitigation strategy is to restrict interaction with the application. 9. Disclosure Timeline: - May 16, 2024: Vulnerability reported to the vendor. - July 29, 2024: Coordinated public announcement. - August 15, 2024: Announcement updated. 10. Credit: Nicholas Zubrisky and Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative. This information provides a detailed description of the vulnerability, its scope of impact, discovery and disclosure process, and mitigation measures.