Back

Untrusted Search Path vulnerability in ServiceInstance.dll (Bitdefender Antivirus Free 2020)

Publication date: August 21st, 2019

CVE ID:

CVE-2019-15295

CVSS scrore:

5.9 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N/E:P/RL:O/RC:C

Affected vendors:

Bitdefender

Affected products:

Bitdefender Antivirus Free 2020

Vulnerability details:

An Untrusted Search Path vulnerability in the ServiceInstance.dll library versions 1.0.15.119 and lower, as used in Bitdefender Antivirus Free 2020 versions prior to 1.0.15.138, allows an attacker to load an arbitrary DLL file from the search path.

Additional details:

The issue was resolved in Bitdefender Antivirus Free version 1.0.15.138. Mitigation delivered automatically to affected userbase.

Credit:

Peleg Hadar of SafeBreach Labs