Software that uses virtualization technology, such as the offerings from VMware, can be susceptible to vulnerabilities or bugs just like any other software. Daemon has been known to have issues with malware and spyware in the past, especially the free versions. This time, public information was released about a critical vulnerability in Disc Soft Ltd Daemon's Daemon Tools Pro product.

The Daemon Tools Pro Vulnerability

Security researcher Piotr Bania at Cisco Talos Intelligence discovered a security flaw in Daemon Tools. Cisco Talos released a vulnerability report on August 17th, 2021 concerning a critical vulnerability in the Daemon Tools Pro product. The software vulnerability, if unpatched, can lead to the full compromise of a vulnerable system.

Technical Details

The critical vulnerability has been assigned CVE-2021-21832. It is a high-risk integer overflow vulnerability in the ISO parsing functionality that scores 8.1 on the CVSS scale. If it is successfully exploited, a remote attacker (hacker) is able to execute arbitrary code on the target system. The attacker does this by crafting data that triggers the integer overflow: because this is an ISO parsing memory corruption vulnerability, providing a malicious file may allow the attacker to trigger an out-of-bounds write.
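The bug class described above, shown as an added illustration. This is not code from Daemon Tools or from the Talos report, whose implementation details this page does not give; the struct, field names and sample values are hypothetical and constructed for the example. It contrasts a buffer size computed in 32 bits from file-supplied fields with a checked version that a parser should use before allocating.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical header fields read from an untrusted disc image. */
struct img_hdr {
    uint32_t entry_count; /* number of records the file claims to hold */
    uint32_t entry_size;  /* size of each record in bytes */
};

/* Unchecked: the product is computed in 32 bits and silently wraps.
 * A buffer of this size is then too small for entry_count records,
 * so the copy that follows writes out of bounds. */
uint32_t unchecked_alloc_size(const struct img_hdr *h)
{
    return h->entry_count * h->entry_size;
}

/* Checked: widen before multiplying (two 32-bit values cannot overflow
 * 64 bits) and reject any size larger than the bytes left in the file. */
bool checked_alloc_size(const struct img_hdr *h, size_t file_remaining,
                        size_t *out)
{
    if (h->entry_count == 0 || h->entry_size == 0)
        return false;
    uint64_t total = (uint64_t)h->entry_count * h->entry_size;
    if (total > file_remaining)
        return false;
    *out = (size_t)total; /* safe: total <= file_remaining */
    return true;
}

int main(void)
{
    /* Constructed sample: 0x10000001 * 0x10 = 0x100000010, wraps to 0x10. */
    struct img_hdr crafted = { 0x10000001u, 0x10u };
    size_t size = 0;

    printf("unchecked size: %u bytes\n", unchecked_alloc_size(&crafted));
    printf("checked: %s\n",
           checked_alloc_size(&crafted, 4096, &size) ? "accepted" : "rejected");
    return 0;
}
```

Bounding the size by the bytes actually remaining in the file also rejects headers that do not wrap but still claim more data than the image contains.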

Vulnerable Software Versions

Users should know that Daemon Tools Pro 8.3.0.0767 is vulnerable to the above flaw.

The Current Situation

It is important for users to know that, as it stands, there is no patch (update) available for this vulnerability. It is unclear whether this vulnerability has been exploited in the wild, but users should watch for a software update from Disc Soft Ltd Daemon as well as check for any automatic update notifications.
