Privilege escalation in Bitdefender Total Security - CVE-2017-10950
Published: August 21, 2017 / Updated: August 23, 2017
Vulnerability identifier: #VU7990
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-10950
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Bitdefender
Affected software:
Bitdefender Total Security
Bitdefender Total Security
Detailed vulnerability description
The vulnerability allows a local attacker to gain elevated privileges on vulnerable installations of Bitdefender Total Security.
The weakness exist due to the lack of validating the existence of an object prior to performing operations on the object. A local attacker can trigger double-free error within processing of the 0x8000E038 IOCTL in the bdfwfpf driver and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exist due to the lack of validating the existence of an object prior to performing operations on the object. A local attacker can trigger double-free error within processing of the 0x8000E038 IOCTL in the bdfwfpf driver and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
How to mitigate CVE-2017-10950
The vulnerability is addressed in the following versions: 2017 Build 21.2.25.30 and 2018 Build 22.0.8.114 or later.