CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-10950

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Bitdefender Total Security 21.0.24.62. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within processing of the 0x8000E038 IOCTL in the bdfwfpf driver. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker could leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-4776.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 16.3%

CVSS Severity

CVSS v3 Score 7.0

CVSS v2 Score 6.9

References

http://www.securityfocus.com/bid/100418
https://zerodayinitiative.com/advisories/ZDI-17-693
http://www.securityfocus.com/bid/100418
https://zerodayinitiative.com/advisories/ZDI-17-693

Products affected by CVE-2017-10950

Bitdefender » Total Security » Version: 21.0.24.62

cpe:2.3:a:bitdefender:total_security:21.0.24.62

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-10950

Products

Pricing

Contact Us