{"id":51225,"date":"2025-06-13T01:39:49","date_gmt":"2025-06-13T01:39:49","guid":{"rendered":""},"modified":"2025-10-10T00:14:24","modified_gmt":"2025-10-10T06:14:24","slug":"cve-2024-13961-local-privilege-escalation-vulnerability-in-avast-cleanup-premium","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2024-13961-local-privilege-escalation-vulnerability-in-avast-cleanup-premium\/","title":{"rendered":"<strong>CVE-2024-13961: Local Privilege Escalation Vulnerability in Avast Cleanup Premium<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>The CVE-2024-13961 vulnerability is a critical security flaw found in Avast Cleanup Premium Version 24.2.16593.17810 on Windows 10 Pro x64. This vulnerability can be exploited by local attackers to escalate their privileges and execute arbitrary code in the context of SYSTEM. It has serious implications for the security of any <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-22040-race-condition-vulnerability-in-linux-kernel-resulting-in-potential-system-compromise\/\"  data-wpil-monitor-id=\"57883\">system running the affected software as it could potentially<\/a> lead to system compromise or data leakage, making it a high-risk vulnerability that needs to be addressed immediately.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2024-13961<br \/>\nSeverity: High (CVSS: 7.8)<br \/>\nAttack Vector: Local<br \/>\nPrivileges Required: Low<br \/>\nUser Interaction: None<br \/>\nImpact: <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2021-47668-linux-kernel-vulnerability-leading-to-potential-system-compromise-or-data-leakage\/\"  data-wpil-monitor-id=\"57884\">System compromise and potential data<\/a> leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p>\n<p>Product | Affected Versions<\/p>\n<p><a href=\"https:\/\/www.ameeba.com\/blog\/cve-2024-13962-local-privilege-escalation-in-avast-cleanup-premium\/\"  
data-wpil-monitor-id=\"59644\">Avast Cleanup<\/a> Premium | 24.2.16593.17810<\/p>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>This <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-41714-critical-vulnerability-in-upload-endpoint-causing-arbitrary-file-write-and-potential-remote-code-execution\/\"  data-wpil-monitor-id=\"89521\">vulnerability is caused<\/a> by a TOCTTOU (time-of-check to time-of-use) flaw in the TuneupSvc component of Avast Cleanup Premium. An attacker can exploit this flaw by creating a <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-1079-client-remote-code-execution-via-improper-symbolic-link-resolution-in-google-web-designer\/\"  data-wpil-monitor-id=\"59566\">symbolic link<\/a> and leveraging a race condition. This allows them to <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-4631-privilege-escalation-vulnerability-in-profitori-wordpress-plugin\/\"  data-wpil-monitor-id=\"57424\">escalate their privileges<\/a> and execute arbitrary code in the context of SYSTEM, effectively gaining full control over the affected system.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p>\n<p>The exact mechanics of the exploit depend on the specific environment, but the general idea is shown in the pseudocode below:<\/p>\n<pre><code class=\"\" data-line=\"\">\/\/ Attacker creates a symbolic link\ncreate_symlink(&quot;\/path\/to\/vulnerable\/file&quot;, &quot;\/path\/to\/attacker\/controlled\/file&quot;);\n\/\/ Attacker leverages TOCTTOU race condition\nwhile (true) {\n    if (check_file_access(&quot;\/path\/to\/vulnerable\/file&quot;)) {\n        execute_code_as_system(&quot;\/path\/to\/attacker\/controlled\/file&quot;);\n        break;\n    }\n}<\/code><\/pre>\n<p>In this pseudocode, the `create_symlink` function creates a symbolic link from a file in a location that the TuneupSvc component is known to write to, pointing at a file that the attacker controls. The `check_file_access` function checks whether the TuneupSvc component is about to <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-1883-out-of-bounds-write-vulnerability-in-solidworks-edrawings-obj-file-reading-procedure\/\"  data-wpil-monitor-id=\"58187\">write to the file<\/a>, and if it is, the `execute_code_as_system` function is called to execute arbitrary code in the context of SYSTEM.<\/p>\n<p><strong>Mitigation and Prevention<\/strong><\/p>\n<p>The vendor has released a patch to <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2024-49842-critical-memory-corruption-vulnerability-in-protected-vm-address-space\/\"  data-wpil-monitor-id=\"58884\">address this vulnerability<\/a>, and all users are strongly urged to apply this patch immediately. As a temporary measure before the patch can be applied, users can make use of a Web Application Firewall (WAF) or Intrusion Detection System (IDS) to help mitigate <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-3090-unauthenticated-remote-attack-leading-to-potential-data-leakage-and-system-compromise\/\"  data-wpil-monitor-id=\"86475\">potential attacks<\/a>. However, these are only temporary solutions and the patch should be applied as soon as <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-54742-data-deserialization-vulnerability-in-wpevently-leading-to-possible-system-compromise\/\"  data-wpil-monitor-id=\"86474\">possible to fully mitigate the vulnerability<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview The CVE-2024-13961 vulnerability is a critical security flaw found in Avast Cleanup Premium Version 24.2.16593.17810 on Windows 10 Pro x64. This vulnerability can be exploited by local attackers to escalate their privileges and execute arbitrary code in the context of SYSTEM. 
It has serious implications for the security of any system running the affected [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[82],"product":[],"attack_vector":[76],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-51225","post","type-post","status-publish","format-standard","hentry","category-uncategorized","vendor-microsoft","attack_vector-privilege-escalation"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/51225","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=51225"}],"version-history":[{"count":8,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/51225\/revisions"}],"predecessor-version":[{"id":82364,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/51225\/revisions\/82364"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=51225"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=51225"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=51225"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=51225"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=51225"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.a
meeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=51225"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=51225"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=51225"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=51225"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}