Back

Link Resolution Privilege Escalation Vulnerability in Bitdefender Antivirus Free (VA-8387)

Publication date: April 21st, 2020


CVE ID:
CVE-2020-8099
CVSS scrore:
7.1 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
Affected vendors:
Bitdefender
Affected products:
Bitdefender Antivirus Free 2020
Vulnerability details:

A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects Bitdefender Antivirus Free versions prior to 1.0.17.

Additional details:
An automated update to version 1.0.17 or higher fixes the issue.
Credit:
Jimmy Bayne