Bitdefender Total Security DLL Loading Local Code Injection Vulnerability CVE-2017-6186
- CVSSv3 Score
- Vulnerability description
Bitdefender Total Security is prone to local code injection vulnerability.
- Risk description
The flaw exists due to the product do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry, the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for this product and this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack. Successful exploitation will allow local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Bitdefender process via a DoubleAgent attack.
No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
- Not available