Just to add, you don't have to be concerned about this issue too much...
For a potential attacker, it would be a very impractical way to exploit the system.
And I have to add that the bug is actually in the Microsoft runtime libraries (that avast, as well as any other application compiled in Visual C++ using MFC, uses).