
Link Resolution Privilege Escalation Vulnerability in Bitdefender Antivirus Free (VA-8604)

Publication date: June 5th, 2020


CVE ID:
CVE-2020-8103
CVSS score:
7.2 - https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Affected vendors:
Bitdefender
Affected products:
Bitdefender Antivirus Free 2020
Vulnerability details:

Improper handling of symbolic links in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file and restore it to a privileged location. This issue affects Bitdefender Antivirus Free versions prior to 1.0.17.178.
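
An added example, not Bitdefender's code or its fix: a restore routine that guards against both halves of this class of bug, substitution of the quarantined item and link resolution on the restore path. It is written with POSIX calls in Python; the function names, the digest recorded at quarantine time and the file layout are assumptions made for illustration.

```python
import hashlib
import os


def open_dir_nofollow(path):
    """Open an absolute directory one component at a time, refusing symlinks."""
    fd = os.open("/", os.O_RDONLY | os.O_DIRECTORY)
    for part in filter(None, os.path.abspath(path).split("/")):
        try:
            # O_NOFOLLOW makes the open fail if this component is a link.
            nxt = os.open(part, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW,
                          dir_fd=fd)
        finally:
            os.close(fd)
        fd = nxt
    return fd


def restore(quarantined, recorded_sha256, dest):
    """Restore a quarantined file only if content and path are trustworthy.

    recorded_sha256 is the digest stored when the file was quarantined
    (hypothetical metadata for this example).
    """
    # Read the item once, without following a link in its final component.
    src_fd = os.open(quarantined, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(src_fd, "rb") as src:
        data = src.read()
    # Substitution check: the bytes must be the ones that were quarantined.
    if hashlib.sha256(data).hexdigest() != recorded_sha256:
        raise ValueError("quarantined file does not match recorded digest")

    dest = os.path.abspath(dest)
    dir_fd = open_dir_nofollow(os.path.dirname(dest))
    try:
        # O_EXCL | O_NOFOLLOW: never write through an existing file or link.
        out_fd = os.open(os.path.basename(dest),
                         os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW,
                         0o600, dir_fd=dir_fd)
    finally:
        os.close(dir_fd)
    with os.fdopen(out_fd, "wb") as out:
        out.write(data)  # write the verified bytes, not a re-read of the path
    return dest
```

A substituted item raises `ValueError`; a symbolic link anywhere on the restore path raises `OSError` before anything is written.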

Additional details:
An automatic update to Bitdefender Antivirus Free version 1.0.17.178 or newer fixes the issue.
Credit:
Ilias Dimopoulos of RedyOps Research Labs