
Untrusted Search Path Vulnerability in Bitdefender Antivirus Free 2020 (VA-8422)

Publication date: February 7th, 2020


CVE ID:
CVE-2020-8094
CVSS score:
8.8 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected vendors:
Bitdefender
Affected products:
Bitdefender Antivirus Free 2020
Vulnerability details:

An untrusted search path vulnerability in testinitsigs.exe as used in Bitdefender Antivirus Free 2020 allows a low-privilege attacker to execute code as SYSTEM via a specially crafted DLL file.

Additional details:
The vulnerability was fixed in Bitdefender Antivirus Free version 1.0.16.152. The fix has been automatically applied to affected instances.
Disclosure timeline:
January 20, 2020 - Vulnerability privately reported
February 7, 2020 - Fix delivered automatically
February 7, 2020 - Coordinated vulnerability disclosure
Credit:
Gábor Selján
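
Since the fix was delivered automatically, a defender's remaining task is to confirm that every endpoint actually reached version 1.0.16.152. The following is an added example, not part of the original advisory or any Bitdefender tooling: it triages a software inventory against the fixed version, comparing version parts numerically. The inventory rows and host names are constructed, and treating every version below the fixed one as vulnerable is an assumption, since the advisory gives no lower bound.

```python
# Added example: triage a software inventory against the advisory's fixed version.
PRODUCT = "Bitdefender Antivirus Free"   # product name from the advisory
FIXED = (1, 0, 16, 152)                  # fixed version stated in the advisory

# Constructed sample inventory (host, product, version); not real data.
INVENTORY = [
    ("ws-01", "Bitdefender Antivirus Free", "1.0.16.152"),
    ("ws-02", "Bitdefender Antivirus Free", "1.0.9.70"),
    ("ws-03", "Bitdefender Antivirus Free", "1.0.16.97"),
    ("ws-04", "Bitdefender Antivirus Free", "1.0.17"),
    ("ws-05", "Bitdefender Antivirus Free", "unknown"),
    ("ws-06", "Other Product", "1.0.1.1"),
]

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a dotted numeric version."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4:
        return None
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))  # pad short versions with zeros

def triage(inventory):
    """Map each host running PRODUCT to 'fixed', 'vulnerable' or 'unknown'."""
    result = {}
    for host, product, version in inventory:
        if product != PRODUCT:
            continue
        parsed = parse_version(version)
        if parsed is None:
            result[host] = "unknown"      # unparseable: needs manual follow-up
        elif parsed >= FIXED:             # numeric, part-by-part comparison
            result[host] = "fixed"
        else:
            result[host] = "vulnerable"   # assumption: all earlier versions affected
    return result

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```

A plain string comparison would rank "1.0.9.70" above "1.0.16.152" and report ws-02 as fixed, which is why the parts are compared as integers.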