QwikSec

Security Database

CVE

CWE

Training

CVE-2018-8955

Published: Oct 24, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

The installer for BitDefender GravityZone relies on an encoded string in a filename to determine the URL for installation metadata, which allows remote attackers to execute arbitrary code by changing the filename while leaving the file's digital signature unchanged.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://packetstormsecurity.com/files/149900/Bitdefender-GravityZone-Installer-Signature-Bypass-Code-Execution.html

x_refsource_MISC

https://labs.nettitude.com/blog/cve-2018-8955-bitdefender-gravityzone-arbitrary-code-execution/

x_refsource_MISC

20181023 CVE-2018-8955: Bitdefender GravityZone Arbitrary Code Execution

mailing-list

x_refsource_FULLDISC

vdb-entry

x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.