{"vulnerability": "CVE-2021-45335", "sightings": [{"uuid": "b1865bcc-0c3c-46cf-9391-8a8cc54dd675", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-45335", "type": "seen", "source": "https://t.me/cibsecurity/34671", "content": "\u203c CVE-2021-45335 \u203c\n\nSandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by local user to control the outcome of scans, and therefore evade detection or delete arbitrary system files.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-27T16:23:13.000000Z"}, {"uuid": "5cd353f7-0ac4-4cf8-93e5-86812dd27e0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-45335", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7732", "content": "#exploit\n1. CVE-2021-45335, CVE-2021-45336, CVE-2021-45337:\nEoP from Everyone through Avast Sandbox to System AmPPL\nhttps://the-deniss.github.io/posts/2023/02/09/elevation-of-privileges-from-everyone-through-avast-av-sandbox-to-system-amppl.html\n\n2. CVE-2023-21746:\nThe LocalPotato attack - type of NTLM reflection attack that targets local authentication\nhttps://github.com/decoder-it/LocalPotato", "creation_timestamp": "2023-02-14T04:50:02.000000Z"}]}