CVE ID | |
CVSS SCORE | 6.6, AV:L/AC:M/Au:S/C:C/I:C/A:C |
AFFECTED VENDORS |
Bitdefender |
AFFECTED PRODUCTS |
Antivirus Plus |
VULNERABILITY DETAILS |
The specific flaw exists within processing of the 0x8000e038 IOCTL by the bdfwfpf device driver. A crafted buffer sent to the DeviceIoControl API can cause the corruption of pool memory in the kernel because of an integer overflow in the length calculation for a memcpy call. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM. |
ADDITIONAL DETAILS |
Bitdefender has issued an update to correct this vulnerability. More details can be found at:
http://www.bitdefender.com/site/view/bug-bounty-hall-of-fame.html |
DISCLOSURE TIMELINE |
|
CREDIT | bear13oy of CloverSec Labs |
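
The bug class described under VULNERABILITY DETAILS, shown as an added example that is not Bitdefender's code or part of the original advisory: a user-mode C model of how a 32-bit length calculation wraps, next to a bounds check that rejects the request before any multiplication. The request layout (`ioctl_req`, `ENTRY_SIZE`) and all function names are hypothetical, since the advisory does not describe the driver's actual structures.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define ENTRY_SIZE 16u  /* hypothetical record size */

/* Hypothetical request layout (assumption, not the driver's real structure). */
typedef struct {
    uint32_t count;      /* caller-controlled record count */
    uint8_t  records[];  /* count * ENTRY_SIZE bytes are expected to follow */
} ioctl_req;

/* Flawed pattern: 32-bit arithmetic wraps, so a very large count produces a
 * small length that passes later size checks. */
uint32_t unchecked_len(uint32_t count)
{
    return (uint32_t)sizeof(ioctl_req) + count * ENTRY_SIZE;
}

/* Hardened pattern: bound count by the bytes actually received and by the
 * destination size before multiplying. Returns 0 on success, -1 on rejection. */
int checked_copy(const void *in, size_t in_len,
                 void *dst, size_t dst_len, size_t *copied)
{
    const ioctl_req *req = in;
    size_t avail;
    if (in == NULL || dst == NULL || copied == NULL || in_len < sizeof(ioctl_req))
        return -1;
    avail = in_len - sizeof(ioctl_req);
    if (req->count > avail / ENTRY_SIZE)     /* claims more than was sent */
        return -1;
    if (req->count > dst_len / ENTRY_SIZE)   /* would overrun destination */
        return -1;
    memcpy(dst, req->records, (size_t)req->count * ENTRY_SIZE);
    *copied = (size_t)req->count * ENTRY_SIZE;
    return 0;
}

/* Constructed sample: a request claiming `count` records while only `sent`
 * records are present, passed through checked_copy. */
int demo(uint32_t count, uint32_t sent)
{
    static uint32_t in[1 + 4 * ENTRY_SIZE / 4];  /* header + up to 4 records */
    uint8_t dst[2 * ENTRY_SIZE];
    size_t copied = 0;
    if (sent > 4) return -2;
    in[0] = count;
    return checked_copy(in, sizeof(uint32_t) + sent * ENTRY_SIZE, dst, sizeof dst, &copied);
}
```

Comparing against a quotient (`avail / ENTRY_SIZE`) instead of a product keeps the check itself free of overflow.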