QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2017-10950

Back to search

CVE-2017-10950

Published: Aug 29, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Bitdefender Total Security 21.0.24.62. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within processing of the 0x8000E038 IOCTL in the bdfwfpf driver. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker could leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-4776.

VendorProductVersions

Zero Day Initiative

Bitdefender Total Security

affected
21.0.24.62

Weaknesses (CWE)

CWE-415

References

100418
vdb-entry
x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now