Full Disclosure mailing list archives
CVE-2018-8955: Bitdefender GravityZone Arbitrary Code Execution
From: Kyriakos Economou <kyrecon () anti-reversing com>
Date: Mon, 22 Oct 2018 16:01:48 +0300
We recently identified a vulnerability in the digitally signed Bitdefender GravityZone installer.
The vulnerability allows an attacker to execute malicious code without breaking the original digital signature, and without embedding anything malicious into the installer itself.
This means that an appropriately positioned attacker can cause the signed installer to run an arbitrary remotely hosted executable.
For more information regarding these issues please visit: https://labs.nettitude.com/blog/cve-2018-8955-bitdefender-gravityzone-arbitrary-code-execution/
Cheers, kyREcon _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- CVE-2018-8955: Bitdefender GravityZone Arbitrary Code Execution Kyriakos Economou (Oct 23)