PT-2017-11629 · Bitdefender · Bitdefender Total Security

Bee13Oy

Published

2017-08-17

Updated

2019-10-09

CVE-2017-10950

CVSS v3.1

7.0

High

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Bitdefender Total Security version 21.0.24.62

Description This issue allows local attackers to execute arbitrary code on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system. The flaw exists within the processing of the 0x8000E038 IOCTL in the bdfwfpf driver, resulting from the lack of validating the existence of an object prior to performing operations on it. An attacker could leverage this to execute arbitrary code in the context of SYSTEM.

Recommendations For Bitdefender Total Security version 21.0.24.62, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415

Related Identifiers

CVE-2017-10950

ZDI-17-693

Affected Products

Bitdefender Total Security

PT-2017-11629 · Bitdefender · Bitdefender Total Security

CVE-2017-10950

Weakness Enumeration

Related Identifiers

Affected Products

References · 4