阿里云漏洞库

漏洞描述

Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.3.146.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://www.bitdefender.com/support/security-advisories/incorrect-permission-...
https://www.zerodayinitiative.com/advisories/ZDI-22-484/

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	bitdefender	antivirus_plus	*		Up to (excluding) 26.0.3.29
	运行在以下环境
	应用	bitdefender	endpoint_security_tools	*		Up to (excluding) 7.4.3.146
	运行在以下环境
	应用	bitdefender	internet_security	*		Up to (excluding) 26.0.3.29
	运行在以下环境
	应用	bitdefender	total_security	*		Up to (excluding) 26.0.3.29
	运行在以下环境
	系统	fedora_33	strongswan	*		Up to (excluding) 5.9.4-1.fc33
	运行在以下环境
	系统	fedora_34	strongswan	*		Up to (excluding) 5.9.4-1.fc34
	运行在以下环境
	系统	fedora_35	strongswan	*		Up to (excluding) 5.9.4-1.fc35
	运行在以下环境
	系统	fedora_36	strongswan	*		Up to (excluding) 5.9.4-1.fc36
	运行在以下环境
	系统	fedora_EPEL_8	strongswan	*		Up to (excluding) 5.9.4-1.el8
	运行在以下环境
	系统	kylinos_aarch64_V10SP2	strongswan	*		Up to (excluding) 5.7.2-7.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10SP2	strongswan	*		Up to (excluding) 5.7.2-7.ky10
	运行在以下环境
	系统	opensuse_Leap_15.2	strongswan	*		Up to (excluding) 5.8.2-lp152.2.18.1
	运行在以下环境
	系统	opensuse_Leap_15.3	strongswan	*		Up to (excluding) 5.8.2-11.21.1

攻击路径

本地
攻击复杂度

低
权限要求

低
影响范围

未更改
用户交互

无
可用性

高
保密性

高
完整性

高

CWE-ID	漏洞类型
CWE-732	关键资源的不正确权限授予

bitdefender antivirus_plus 关键资源的不正确权限授予

漏洞描述

解决建议

参考链接

受影响软件情况