Untrusted Search Path vulnerability in ServiceInstance.dll (Bitdefender Antivirus Free 2020)
Publication date: August 21st, 2019
5.9 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N/E:P/RL:O/RC:C
Bitdefender Antivirus Free 2020
An Untrusted Search Path vulnerability in the ServiceInstance.dll library versions 22.214.171.124 and lower, as used in Bitdefender Antivirus Free 2020 versions prior to 126.96.36.199, allows an attacker to load an arbitrary DLL file from the search path.
The issue was resolved in Bitdefender Antivirus Free version 188.8.131.52. Mitigation delivered automatically to affected userbase.
Peleg Hadar of SafeBreach Labs