messaging_ipc.dll NULL Pointer Dereference in multiple Bitdefender products (VA-10016)
CVE-2021-4198

6.1MEDIUM

Key Information:

Vendor: Bitdefender
Status: Total Security; Internet Security; Antivirus Plus; Endpoint Security Tools
Vendor: CVE Published:; 7 March 2022

🔔 Create Bitdefender Vulnerability Alert

What is CVE-2021-4198?

A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects: Bitdefender Total Security versions prior to 26.0.3.29. Bitdefender Internet Security versions prior to 26.0.3.29. Bitdefender Antivirus Plus versions prior to 26.0.3.29. Bitdefender Endpoint Security Tools versions prior to 7.2.2.92. Bitdefender VPN Standalone versions prior to 25.5.0.48.

Affected Version(s)

Antivirus Plus < 26.0.3.29

Endpoint Security Tools < 7.2.2.92

Internet Security < 26.0.3.29

References

https://www.bitdefender.com/support/security-advisories/m...

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-22-483/

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 7, 2022
Vulnerability Reserved
Jan 4, 2022

Credit

Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative