Publication date: May 26th, 2020
A vulnerability in the AnchorFree VPN SDK component as used in Bitdefender Premium VPN versions 24.0.4.702 and earlier allows an attacker to pass data to a socket bound to localhost. Binding to the socket and providing a path where a malicious executable file resides leads to executing the malicious executable file with SYSTEM privileges.
This issue affects AnchorFree VPN SDK 1.3.3.218 version as used in Bitdefender Premium VPN 24.0.4.702 version and prior versions.