Vulnerability-Lookup

CNVD-2020-17182

Vulnerability from cnvd - Published: 2020-03-15

Title

Bitdefender Antivirus Free代码问题漏洞

Description

Bitdefender Antivirus Free是罗马尼亚比特梵德（Bitdefender）公司的一套主要提供网络威胁检测和勒索软件防护功能的免费版本杀毒软件。 Bitdefender Antivirus Free存在代码问题漏洞。该漏洞源于网络系统或产品的代码开发过程中存在设计或实现不当的问题。目前暂无详细的漏洞细节提供。

Severity

高

Patch Name

Bitdefender Antivirus Free代码问题漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-serviceinstance-dll-bitdefender-antivirus-free-2020/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-15295

Impacted products

Name
Bitdefender Bitdefender Antivirus Free <2020 1.0.15.138(ServiceInstance.dll库<=1.0.15.119)

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-15295",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-15295"
    }
  },
  "description": "Bitdefender Antivirus Free\u662f\u7f57\u9a6c\u5c3c\u4e9a\u6bd4\u7279\u68b5\u5fb7\uff08Bitdefender\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e3b\u8981\u63d0\u4f9b\u7f51\u7edc\u5a01\u80c1\u68c0\u6d4b\u548c\u52d2\u7d22\u8f6f\u4ef6\u9632\u62a4\u529f\u80fd\u7684\u514d\u8d39\u7248\u672c\u6740\u6bd2\u8f6f\u4ef6\u3002\n\nBitdefender Antivirus Free\u5b58\u5728\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u7684\u4ee3\u7801\u5f00\u53d1\u8fc7\u7a0b\u4e2d\u5b58\u5728\u8bbe\u8ba1\u6216\u5b9e\u73b0\u4e0d\u5f53\u7684\u95ee\u9898\u3002\u76ee\u524d\u6682\u65e0\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-serviceinstance-dll-bitdefender-antivirus-free-2020/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-17182",
  "openTime": "2020-03-15",
  "patchDescription": "Bitdefender Antivirus Free\u662f\u7f57\u9a6c\u5c3c\u4e9a\u6bd4\u7279\u68b5\u5fb7\uff08Bitdefender\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e3b\u8981\u63d0\u4f9b\u7f51\u7edc\u5a01\u80c1\u68c0\u6d4b\u548c\u52d2\u7d22\u8f6f\u4ef6\u9632\u62a4\u529f\u80fd\u7684\u514d\u8d39\u7248\u672c\u6740\u6bd2\u8f6f\u4ef6\u3002\r\n\r\nBitdefender Antivirus Free\u5b58\u5728\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u7684\u4ee3\u7801\u5f00\u53d1\u8fc7\u7a0b\u4e2d\u5b58\u5728\u8bbe\u8ba1\u6216\u5b9e\u73b0\u4e0d\u5f53\u7684\u95ee\u9898\u3002\u76ee\u524d\u6682\u65e0\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Bitdefender Antivirus Free\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Bitdefender Bitdefender Antivirus Free \u003c2020 1.0.15.138(ServiceInstance.dll\u5e93\u003c=1.0.15.119)"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-15295",
  "serverity": "\u9ad8",
  "submitTime": "2019-09-05",
  "title": "Bitdefender Antivirus Free\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e"
}

CVE-2019-15295 (GCVE-0-2019-15295)

Vulnerability from cvelistv5 – Published: 2019-08-21 17:16 – Updated: 2024-08-05 00:42

Summary

An Untrusted Search Path vulnerability in the ServiceInstance.dll library versions 1.0.15.119 and lower, as used in Bitdefender Antivirus Free 2020 versions prior to 1.0.15.138, allows an attacker to load an arbitrary DLL file from the search path.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://www.bitdefender.com/support/security-advi…	x_refsource_CONFIRM
	https://safebreach.com/Post/BitDefender-Antivirus…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:42:03.697Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-serviceinstance-dll-bitdefender-antivirus-free-2020/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://safebreach.com/Post/BitDefender-Antivirus-Free-2020-Privilege-Escalation-to-SYSTEM"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An Untrusted Search Path vulnerability in the ServiceInstance.dll library versions 1.0.15.119 and lower, as used in Bitdefender Antivirus Free 2020 versions prior to 1.0.15.138, allows an attacker to load an arbitrary DLL file from the search path."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-26T20:32:42",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-serviceinstance-dll-bitdefender-antivirus-free-2020/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://safebreach.com/Post/BitDefender-Antivirus-Free-2020-Privilege-Escalation-to-SYSTEM"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-15295",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Untrusted Search Path vulnerability in the ServiceInstance.dll library versions 1.0.15.119 and lower, as used in Bitdefender Antivirus Free 2020 versions prior to 1.0.15.138, allows an attacker to load an arbitrary DLL file from the search path."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-serviceinstance-dll-bitdefender-antivirus-free-2020/",
              "refsource": "CONFIRM",
              "url": "https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-serviceinstance-dll-bitdefender-antivirus-free-2020/"
            },
            {
              "name": "https://safebreach.com/Post/BitDefender-Antivirus-Free-2020-Privilege-Escalation-to-SYSTEM",
              "refsource": "MISC",
              "url": "https://safebreach.com/Post/BitDefender-Antivirus-Free-2020-Privilege-Escalation-to-SYSTEM"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-15295",
    "datePublished": "2019-08-21T17:16:38",
    "dateReserved": "2019-08-21T00:00:00",
    "dateUpdated": "2024-08-05T00:42:03.697Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-17182

CVE-2019-15295 (GCVE-0-2019-15295)

Tags

Sightings

Nomenclature