Privilege Escalation in Avast Antivirus Sandbox Component
CVE-2021-45336

8.8HIGH

Key Information:

Vendor: Avast
Status: Antivirus
Vendor: CVE Published:; 27 December 2021

What is CVE-2021-45336?

This vulnerability allows local sandboxed code in the Sandbox component of Avast Antivirus to exploit system IPC interfaces. By leveraging this flaw, unauthorized code could bypass the sandbox restrictions, gain elevated privileges, and execute commands with SYSTEM-level access. This effectively undermines the security model of the affected product, highlighting the importance of addressing such vulnerabilities promptly.

References

https://www.avast.com/hacker-hall-of-fame/en/researcher-d...

x_refsource_MISC

https://github.com/the-deniss/Vulnerability-Disclosures/t...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 27, 2021
Vulnerability Reserved
Dec 20, 2021