CVE-2017-6417 Avira Anti-Virus DoubleAgent Code injection vulnerability

Avira is an antivirus and security tool.

A code injection vulnerability, called DoubleAgent, affects Avira Antivirus which allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Avira process.

The products mentioned do not use the Protected Processes feature, and which can allow an attacker to enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry. The self-protection mechanism is used to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products. The mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack.

Affected Versions:
1) Avira Total Security Suite 15.0 (and earlier)
2) Avira Optimization Suite 15.0 (and earlier)
3) Avira Internet Security Suite 15.0 (and earlier)
4) Avira Free Security Suite 15.0 (and earlier)

Successful exploitation of the vulnerability may allow an attacker to:

1) Turn the Antivirus into a malware.
2) Modify the Antivirus internal behavior.
3) Abuse the Antivirus trusted nature.
4) Encrypt all files or format the computer's hard drives.
5) Cause a Denial of Service.

The vendor has not confirmed the vulnerability and no patch has been released as of now.