avast! "doesn't do anything". But can you execute EICAR? If file is left on disk, that doesn't mean avast! didn't prevent its execution. The execution was blocked, the file was just not deleted/quarantined. Thats all. So in the end avast! did detect the file, but since it's graphic user interface was terminated it just blocked the file and finishes at that. If GUI was available, it would have asked the user what do to with the file. So bottom line, i don't see this as vulnerability. Unless you can get the malware to execute when ashDisp.exe is terminated.