CVE-2021-27241

Name of the Vulnerable Software and Affected Versions: Avast Premium Security version 20.8.2429 (Build 20.8.5653.561)

Description: This issue allows local attackers to delete arbitrary directories on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue. The specific flaw exists within the AvastSvc.exe module. By creating a directory junction, an attacker can abuse the service to delete a directory. An attacker can leverage this issue to create a denial-of-service condition on the system.

Recommendations: For Avast Premium Security version 20.8.2429 (Build 20.8.5653.561), consider disabling the AvastSvc.exe module as a temporary workaround until a patch is available. Restrict access to the AvastSvc.exe module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.