CVE-2017-10954

Name of the Vulnerable Software and Affected Versions Bitdefender Internet Security version prior to build 7.72918

Description This issue allows remote attackers to execute arbitrary code on vulnerable installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within pdf.xmd due to the lack of proper validation of user-supplied data, resulting in an integer overflow before allocating a buffer. An attacker can leverage this to execute code under the context of SYSTEM.

Recommendations For Bitdefender Internet Security version prior to build 7.72918, update to a version after build 7.72918 to resolve the issue. As a temporary workaround, consider restricting access to pdf.xmd to minimize the risk of exploitation. Avoid opening malicious files or visiting suspicious links to reduce the risk of attack.