Vulnerability Details CVE-2019-15295
An Untrusted Search Path vulnerability in the ServiceInstance.dll library versions 1.0.15.119 and lower, as used in Bitdefender Antivirus Free 2020 versions prior to 1.0.15.138, allows an attacker to load an arbitrary DLL file from the search path.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 38.5%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 9.3
References
- https://safebreach.com/Post/BitDefender-Antivirus-Free-2020-Privilege-Escalation-to-SYSTEM
- https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-serviceinstance-dll-bitdefender-antivirus-free-2020/
- https://safebreach.com/Post/BitDefender-Antivirus-Free-2020-Privilege-Escalation-to-SYSTEM
- https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-serviceinstance-dll-bitdefender-antivirus-free-2020/
Products affected by CVE-2019-15295
-
cpe:2.3:a:bitdefender:antivirus_2020:-