[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] CVE-2018-8955: Bitdefender GravityZone Arbitrary Code Execution

To: Fulldisclosure <fulldisclosure@xxxxxxxxxxxx>
Subject: [FD] CVE-2018-8955: Bitdefender GravityZone Arbitrary Code Execution
From: Kyriakos Economou <kyrecon@xxxxxxxxxxxxxxxxxx>
Date: Mon, 22 Oct 2018 16:01:48 +0300

We recently identified a vulnerability in the digitally signedBitdefender GravityZone installer.

The vulnerability allows an attacker to execute malicious code withoutbreaking the original digital signature, and without embedding anythingmalicious into the installer itself.

This means that an appropriately positioned attacker can cause thesigned installer to run an arbitrary remotely hosted executable.

For more information regarding these issues please visit:https://labs.nettitude.com/blog/cve-2018-8955-bitdefender-gravityzone-arbitrary-code-execution/


Cheers,
kyREcon

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] Vulnerabilities in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4
Next by Date: [FD] RootedCON 2019 Call For Papers is open!
Previous by thread: [FD] Vulnerabilities in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4
Next by thread: [FD] RootedCON 2019 Call For Papers is open!
Index(es):
- Date
- Thread