Bitdefender Total Security Local Code Execution Vulnerability

Bitdefender Total Security is prone to a local code-execution vulnerability.

A local attacker can leverage this issue to execute arbitrary code in the context of affected application. Failed attempts may lead to denial-of-service conditions.

Bitdefender Total Security 2017 is vulnerable; other versions may also be affected.

Information

Bugtraq ID: 101014
Class: Input Validation Error
CVE:
Remote: No
Local: Yes
Published: Sep 27 2017 12:00AM
Updated: Sep 27 2017 12:00AM
Credit: Sachin Wagh (@tiger_tigerboy)
Vulnerable: BitDefender Total Security 2017 0

Not Vulnerable:

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

References:

BitDefender Homepage (BitDefender)
Bitdefender Total Security 2017 Unquoted Service Path Vulnerability (secur1tyadvisory.wordpress.com)

Source: www.securityfocus.com

Exploit Collector

Search Exploit