CVE-2017-17408

HIGH

Bitdefender Internet Security 2018 - RCE

Title source: llm

Description

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5101.

Exploits (1)

github 175 stars

by wjl110 · javascriptpoc

https://github.com/wjl110/CVE-Master/tree/main/CVE-2017-17408

View on github

References (1)

[Third Party Advisory, VDB Entry] https://zerodayinitiative.com/advisories/ZDI-17-942

Scores

CVSS v3 8.8

EPSS 0.0634

EPSS Percentile 91.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-190

Status published

Products (2)

Bitdefender/Bitdefender Internet Security 2018

bitdefender/internet_security_2018 < 73447

Published Dec 21, 2017

Tracked Since Feb 18, 2026