Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by local user to control the outcome of scans, and therefore evade detection or delete arbitrary system files.
References
Link | Resource |
---|---|
https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST3%20%26%20CVE-2021-AVST4%20%26%20CVE-2021-AVST5 | Exploit Third Party Advisory |
https://www.avast.com/hacker-hall-of-fame/en/researcher-david-eade-reports-antitrack-bug-to-avast-0 | Vendor Advisory |
Configurations
History
07 Jan 2022, 17:29
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 8.8 |
CPE | cpe:2.3:a:avast:antivirus:*:*:*:*:*:*:*:* | |
CWE | CWE-276 | |
References | (MISC) https://github.com/the-deniss/Vulnerability-Disclosures/tree/main/CVE-2021-AVST3%20%26%20CVE-2021-AVST4%20%26%20CVE-2021-AVST5 - Exploit, Third Party Advisory | |
References | (MISC) https://www.avast.com/hacker-hall-of-fame/en/researcher-david-eade-reports-antitrack-bug-to-avast-0 - Vendor Advisory |
27 Dec 2021, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-27 14:15
Updated : 2024-02-04 22:08
NVD link : CVE-2021-45335
Mitre link : CVE-2021-45335
CVE.ORG link : CVE-2021-45335
JSON object : View
Products Affected
avast
- antivirus
CWE
CWE-276
Incorrect Default Permissions