—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Remote Code Execution Vulnerability in DAEMON Tools Lite

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: CRITICAL

Software Affected

DAEMON Tools Lite version prior to 12.6

Overview

A vulnerability has been reported in DAEMON Tools Lite which could allow a remote attacker to execute arbitrary code on the targeted system.

Target Audience:

End users and IT administrators responsible for maintaining and updating DAEMON Tools Lite installations.

Risk Assessment:

High risk of remote code execution, information disclosure.

Impact Assessment:

Potential for arbitrary code execution, unauthorized access to sensitive information.

Description

DAEMON Tools Lite is a Windows application that enables users to mount and manage disc image files as virtual CD/DVD/Blu-ray drives, allowing access to software, games, and media without physical optical discs.

A vulnerability exists in DAEMON Tools Lite due to a supply chain attack that compromised its official installation packages. The affected installer packages contained malicious code embedded within legitimate application binaries.

Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the targeted system.

Solution

Apply appropriate updates as mentioned:

https://blog.daemon-tools.cc/post/security-incident

Vendor Information

DAEMON Tools Lite

https://www.daemon-tools.cc/

References

 

https://blog.daemon-tools.cc/post/security-incident

CVE Name

CVE-2026-8398

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmogMkoACgkQ3jCgcSdc

ys+apw//Ujd0ffJFZnjaylGqdGPrN9o+ey1DPvvUXmyO3MZJB/Viz/dhgaVb72Bb

20QqAq/7Vrj21ZpMgA1NKDcBLl9hRZu30uxGS8gMOINqES7Eq6kf1V2PzbPyji+V

4MMNVuYmFZiNIS2gVBqb2R4FSZiFIfoh6KLF4jeb3R4z5GYlmCUZecTlSkO27rs1

BxOSffGmWM56xttEiHzfXduFdo33ZFKUjh2wccOq9tSPovEXujOWGfGOd0i8AQ1M

7brf9/DsJUls0P/7hvezpGXXRBfUXyUOm4eDxTF9HR+Tcjw3x6k1RCEliLW+aeyq

6DdgZWyPza1Ve9iLDxqjeYZF3wbnUehsY+kVPWG3+DzkZSuRdYBZKjEYWuahqNL4

UnSuw4T0UBqVOBX3tGC7yz6gK09FoPTY4Cwm9iZ8f547U4h1qYEnIe/pOQkVMnQ9

WTdJ8vnDjy0TPHGP9c+ofY1EBtL0ONEmb4kFovQjd4Dyqjt34BH6hzg7hFhMTWKr

R3J7qQCwirIyBP1taMhOBZGIjhsrCImqWq//Aia1JCfMcR9h65u1uU/CsOGHTZpS

BWb4GvCQ31Wu5UHfjThhd9YtYxk2XJckTNq2zHoK9tTDI/iBZHAogFgWXJsY7aLj

Rpe57CM9U2Exwm87SChMHFSinzcdEGTL59chH7/v4G8zOMcFYnM=

=ZygP

—–END PGP SIGNATURE—–