CVE-2017-6186

Name of the Vulnerable Software and Affected Versions Bitdefender Total Security versions prior to 12.0 Bitdefender Internet Security versions prior to 12.0 Bitdefender Antivirus Plus versions prior to 12.0

Description A code injection issue allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Bitdefender process via a "DoubleAgent" attack. This is possible because the products do not use the Protected Processes feature, allowing an attacker to enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry. The self-protection mechanism, intended to block local processes from modifying Image File Execution Options, can be bypassed by temporarily renaming Image File Execution Options during the attack.

Recommendations For Bitdefender Total Security versions prior to 12.0, update to a version that includes the fix for this issue. For Bitdefender Internet Security versions prior to 12.0, update to a version that includes the fix for this issue. For Bitdefender Antivirus Plus versions prior to 12.0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the registry to minimize the risk of exploitation.