
Code injection in Bitdefender products for Windows

Publication date: July 29th, 2019


CVE ID:
CVE-2019-14242
CVSS score:
4.2 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N/E:P
Affected vendors:
Bitdefender
Affected products:
Bitdefender Endpoint Security Tools - prior to v. 6.6.8.115, Bitdefender Antivirus Plus - prior to v. 23.0.24.120, Bitdefender Internet Security - prior to v. 23.0.24.120, Bitdefender Total Security - prior to v. 23.0.24.120
Vulnerability details:

An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tools versions prior to 6.6.8.115; and Bitdefender Antivirus Plus, Bitdefender Internet Security, and Bitdefender Total Security versions prior to 23.0.24.120) that can lead to local code injection. A local attacker with administrator privileges can create a malicious DLL file in %SystemRoot%\System32\ that will be executed with local user rights.

Additional details:
The issue was resolved in Bitdefender Endpoint Security Tools v. 6.6.8.115, Bitdefender Antivirus Plus v. 23.0.24.120, Bitdefender Internet Security v. 23.0.24.120, Bitdefender Total Security v. 23.0.24.120.
Credit:
Edsel Valle of NSS Labs