AVG Remote Administration StoreServerConfig Command Remote Code Execution Exploit

The AVG Administration Server is vulnerable to arbitrary configuration settings. Due to insufficient input validation, an attacker can use the StoreServerConfig command (command id 0x27) to set the value of the ClientLibraryName parameter to a UNC path. The provided value can be a path to a network share containing a malicious .dll file. This .dll file will be executed in the context of the AVG Administration Server service which runs as SYSTEM.
Exploit type: 
Platform: 
Vulnerabilty ID: 
NOCVE-9999-64522
Product Version: 
2014_R2
Released Date: 
Monday, May 11, 2015 - 00:00