Back

Untrusted Search Path vulnerability in Bitdefender Total Security 2020 (VA-5895)

Publication date: December 19th, 2019


CVE ID:
CVE-2019-17100
CVSS scrore:
5.2 - https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
Affected vendors:
Bitdefender
Affected products:
Bitdefender Total Security 2020
Vulnerability details:

An Untrusted Search Path vulnerability in bdserviceshost.exe of Bitdefender Total Security 2020 allows an attacker to execute arbitrary code.

Additional details:
Automatic update to Bitdefender Total Security version 24.0.12.69 mitigates the issue
Credit:
Trần Văn Khang (aka Khang Kì Tổ) — Infiniti Team, VinCSS (a member of Vingroup)