Local Code Injection Vulnerability in Bitdefender Windows Products
CVE-2019-14242

6.7MEDIUM

Key Information:

Vendor: Bitdefender
Status: Antivirus Plus; Endpoint Security Tool; Internet Security; Total Security
Vendor: CVE Published:; 30 July 2019

🔔 Create Bitdefender Vulnerability Alert

What is CVE-2019-14242?

A vulnerability exists in Bitdefender products for Windows that allows a local attacker with administrator privileges to exploit the system. By creating a malicious DLL file in the %SystemRoot%\System32\ directory, the attacker can execute code with the privileges of the local user, potentially compromising the security of the system. This issue affects various versions of Bitdefender software, necessitating prompt updates to mitigate the risk.

References

https://www.bitdefender.com/support/security-advisories/c...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 30, 2019
Vulnerability Reserved
Jul 23, 2019