Untrusted Search Path vulnerability in EPSecurityService.exe (VA-3500)
Publication date: December 30th, 2019
CVSS score:
5.3 - https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L
Affected vendors:
Bitdefender
Affected products:
Bitdefender EPSecurityService.exe versions prior to 6.6.11.163
Vulnerability details:
An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path.
Additional details:
Automatic update to version 6.6.11.163 mitigates the issue.
Credit:
Bugcrowd user khangkito