CVE-2021-27241

MEDIUM Year: 2021
CVSS v3 Score
6.1
Medium
CVSS v2 Score
3.6
Low
Weakness Type
CWE-59
View all →

Vulnerability Description

This vulnerability allows local attackers to delete arbitrary directories on affected installations of Avast Premium Security 20.8.2429 (Build 20.8.5653.561). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AvastSvc.exe module. By creating a directory junction, an attacker can abuse the service to delete a directory. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-12082.

Related Vulnerabilities

CVE-2013-1866

MEDIUM
CVSS:6.1(Medium)

OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability

CWE-592013

CVE-2013-1867

MEDIUM
CVSS:6.1(Medium)

Gemalto Tokend 2013 has an Arbitrary File Creation/Overwrite Vulnerability

CWE-592013

CVE-2015-5700

MEDIUM
CVSS:6.1(Medium)

mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack.

CWE-592015

CVE-2015-5701

MEDIUM
CVSS:6.1(Medium)

mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a...

CWE-592015

CVE-2017-12258

MEDIUM
CVSS:6.1(Medium)

A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability exists be...

CWE-592017

CVE-2020-26277

MEDIUM
CVSS:6.1(Medium)

DBdeployer is a tool that deploys MySQL database servers easily. In DBdeployer before version 1.58.2, users unpacking a tarball may use a maliciously packaged tarball that contains symlinks to files e...

CWE-592020