PT-2019-3092 · Bitdefender · Bitdefender Antivirus Free 2020+1
Published
2019-08-21
·
Updated
2019-08-28
·
CVE-2019-15295
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Bitdefender Antivirus Free 2020 versions prior to 1.0.15.138
ServiceInstance.dll library versions 1.0.15.119 and lower
Description
The issue is related to errors in checking the path of loaded dynamic libraries in the ServiceInstance.dll library of Bitdefender Antivirus Free 2020. Exploitation of this issue may allow an attacker to elevate their privileges. An Untrusted Search Path vulnerability allows an attacker to load an arbitrary DLL file from the search path.
Recommendations
For Bitdefender Antivirus Free 2020 versions prior to 1.0.15.138, update to version 1.0.15.138 or later to resolve the issue.
For ServiceInstance.dll library versions 1.0.15.119 and lower, update to a version higher than 1.0.15.119 to resolve the issue.
Fix
Untrusted Search Path
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bitdefender Antivirus Free 2020
Serviceinstance.Dll