Back

Incorrect Permission Assignment for Critical Resource vulnerability in BDReinit.exe (VA-10017)

Publication date: March 7th, 2022

CVE ID:

CVE-2021-4199

CVSS scrore:

7.8 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected vendors:

Bitdefender

Affected products:

Bitdefender Total Security; Bitdefender Internet Security; Bitdefender Antivirus Plus; Bitdefender Endpoint Security for Windows

Vulnerability details:

Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM.

This issue affects:

Bitdefender Total Security versions prior to 26.0.3.29.
Bitdefender Internet Security versions prior to 26.0.3.29.
Bitdefender Antivirus Plus versions prior to 26.0.3.29.
Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.3.146.

Additional details:

An automatic update to the following product versions fixes the issue: - Bitdefender Total Security version 26.0.3.29. - Bitdefender Internet Security version26.0.3.29. - Bitdefender Antivirus Plus version 26.0.3.29. - Bitdefender Endpoint Security Tools for Windows version 7.4.3.146.

Credit:

Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative