PT-2017-11629 · Bitdefender · Bitdefender Total Security

Bee13Oy

Publicado

2017-08-17

Atualizado

2019-10-09

CVE-2017-10950

CVSS v3.1

7.0

Alta

Vetor

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Bitdefender Total Security version 21.0.24.62

Description This issue allows local attackers to execute arbitrary code on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system. The flaw exists within the processing of the 0x8000E038 IOCTL in the bdfwfpf driver, resulting from the lack of validating the existence of an object prior to performing operations on it. An attacker could leverage this to execute arbitrary code in the context of SYSTEM.

Recommendations For Bitdefender Total Security version 21.0.24.62, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Double Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-415

Identificadores relacionados

CVE-2017-10950

ZDI-17-693

Produtos afetados

Bitdefender Total Security

PT-2017-11629 · Bitdefender · Bitdefender Total Security

CVE-2017-10950

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4