That's because, for some reason, Avast has removed what Ormandy calls a "critical security check" that prevents non-Web-related URL schemes from being opened from the command line.
And not just any URL like or ones, but also local or internal URL schemes like file:/// or chrome://. A malicious website opened in any browser can therefore send commands to this service by forcing the browser to make requests to While most of the available commands are not particularly dangerous, there is one called SWITCH_TO_SAFEZONE that can be used to open a URL in Avastium.
Ormandy created a Web-based proof of concept exploit that can list the contents of the computer's C:\ drive, but an attacker could easily extend it to have any potentially interesting files sent back to him.Īccording to the Google researcher, Avast opens a Web accessible RPC service on the local computer that listens on port 27275.
0 kommentar(er)
