Back

Link Resolution Privilege Escalation Vulnerability in Bitdefender Antivirus Free (VA-8387)

Publication date: April 21st, 2020

CVE ID:

CVE-2020-8099

CVSS scrore:

7.1 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L

Affected vendors:

Bitdefender

Affected products:

Bitdefender Antivirus Free 2020

Vulnerability details:

A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects Bitdefender Antivirus Free versions prior to 1.0.17.

Additional details:

An automated update to version 1.0.17 or higher fixes the issue.

Credit:

Jimmy Bayne