CVE-2021-45337: 
Avast Antivirus vulnerability analysis and mitigation

A privilege escalation vulnerability was identified in the Self-Defense driver of Avast Antivirus versions prior to 20.8 (CVE-2021-45337). The vulnerability allows a local user with SYSTEM privileges to gain elevated privileges by 'hollowing' the process wsc_proxy.exe, which could lead to acquiring antimalware (AM-PPL) protection (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. The CVSS v2.0 Base Score is 7.2 (HIGH) with vector (AV:L/AC:L/Au:N/C:C/I:C/A:C). The vulnerability specifically affects the Self-Defense driver component and involves process hollowing techniques targeting the wsc_proxy.exe process (NVD).

The successful exploitation of this vulnerability could allow an attacker with SYSTEM privileges to elevate their access further by acquiring antimalware (AM-PPL) protection. This could potentially compromise the security mechanisms of the affected systems (NVD).

Users should upgrade their Avast Antivirus installations to version 20.8 or later to address this vulnerability. The vendor has released a patch to fix the issue (Avast Advisory).