CVE-2019-15295
HIGHBitdefender Antivirus Free 2020 < 1.0.15.138 - Untrusted Search Path in ServiceInstance.dll
Title source: llmDescription
An Untrusted Search Path vulnerability in the ServiceInstance.dll library versions 1.0.15.119 and lower, as used in Bitdefender Antivirus Free 2020 versions prior to 1.0.15.138, allows an attacker to load an arbitrary DLL file from the search path.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-serviceinstance-dll-bitdefender-antivirus-free-2020/
Third Party Advisory x_refsource_misc
https://safebreach.com/Post/BitDefender-Antivirus-Free-2020-Privilege-Escalation-to-SYSTEM
Scores
CVSS v3
7.8
EPSS
0.0142
EPSS Percentile
69.3%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-426
Status
published
Products (1)
bitdefender/antivirus_2020
< 1.0.15.138
Published
Aug 21, 2019
Tracked Since
Feb 18, 2026