messaging_ipc.dll NULL Pointer Dereference in multiple Bitdefender products (VA-10016)

Publication date: March 7th, 2022

CVSS scrore:
6.1 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Affected vendors:
Affected products:
- Bitdefender Total Security; Bitdefender Internet Security; Bitdefender Antivirus Plus; Bitdefender VPN Standalone; Bitdefender Endpoint Security Tools
Vulnerability details:

A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files.

This issue affects:
Bitdefender Total Security versions prior to
Bitdefender Internet Security versions prior to
Bitdefender Antivirus Plus versions prior to
Bitdefender Endpoint Security Tools versions prior to
Bitdefender VPN Standalone versions prior to

Additional details:
An automatic update to these new product versions fixes the issue: - Bitdefender Total Security version - Bitdefender Internet Security version - Bitdefender Antivirus Plus version - Bitdefender VPN Standalone version - Bitdefender Endpoint Security Tools version
Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative