Code injection in Bitdefender products for Windows

Publication date: July 29th, 2019

CVSS scrore:
4.2 -
Affected vendors:
Affected products:
Bitdefender Endpoint Security Tools - prior to v.6 .6.8.115, Bitdefender Antivirus Plus - prior to v., Bitdefender Internet Security - prior to v., Bitdefender Total Security - prior to v.
Vulnerability details:

An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool versions prior to; and Bitdefender Antivirus Plus, Bitdefender Internet Security, and Bitdefender  Total Security versions prior to that can lead to local code injection. A local attacker with administrator privileges can create a malicious DLL file in %SystemRoot%\System32\ that will be executed with local user rights.

Additional details:
The issue was resolved in Bitdefender Endpoint Security Tools v. 6 .6.8.115, Bitdefender Antivirus Plus v., Bitdefender Internet Security v., Bitdefender Total Security v.
Edsel Valle of NSS Labs