Directory Deletion Vulnerability in Avast Premium Security by Avast
CVE-2021-27241

6.1MEDIUM

Key Information:

Vendor: Avast
Status: Premium Security
Vendor: CVE Published:; 29 March 2021

What is CVE-2021-27241?

This vulnerability in Avast Premium Security enables local attackers to delete arbitrary directories by leveraging the AvastSvc.exe module. Once low-privileged code execution is achieved on the target system, an attacker can create a directory junction to exploit this flaw. This may lead to a denial-of-service condition, effectively interrupting operations on affected installations.

Affected Version(s)

Premium Security 20.8.2429 (Build 20.8.5653.561)

References

https://www.zerodayinitiative.com/advisories/ZDI-21-208/

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 29, 2021
Vulnerability Reserved
Feb 16, 2021

Credit

Abdelhamid Naceri