Code Injection Vulnerability in Bitdefender Antivirus Products
CVE-2017-6186

6.7MEDIUM

Key Information:

Vendor

Bitdefender

Status
Internet Security
Total Security
Antivirus Plus
Vendor
CVE Published:
21 March 2017
đź”” Create Bitdefender Vulnerability Alert

What is CVE-2017-6186?

This vulnerability in Bitdefender's security products allows a local attacker to bypass self-protection measures and inject arbitrary code, potentially leading to full control of any Bitdefender process. The issue arises from the absence of the Protected Processes feature, which normally restricts local processes from modifying Image File Execution Options. An attacker can exploit this vulnerability using a method known as the 'DoubleAgent' attack, which involves temporarily renaming Image File Execution Options to evade detection and successfully execute malicious code.

References

http://cybellum.com/doubleagent-taking-full-control-antiv...
x_refsource_MISC
http://www.securityfocus.com/bid/97024
vdb-entryx_refsource_BID
http://cybellum.com/doubleagentzero-day-code-injection-an...
x_refsource_MISC

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.