1. Home
  2. CVE Database
  3. CVE-2019-14242
MEDIUM · 6.7

CVE-2019-14242

An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool versions prior to 6.6.8.115; and Bitdefender Antivirus Plus, Bitdefender Internet Security, and Bitdefen...

Vulnerability Description

An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool versions prior to 6.6.8.115; and Bitdefender Antivirus Plus, Bitdefender Internet Security, and Bitdefender Total Security versions prior to 23.0.24.120) that can lead to local code injection. A local attacker with administrator privileges can create a malicious DLL file in %SystemRoot%\System32\ that will be executed with local user privileges.

CVSS Score

6.7

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
BitdefenderAntivirus Plus< 23.0.24.120
BitdefenderEndpoint Security Tool< 6.6.8.115
BitdefenderInternet Security< 23.0.24.120
BitdefenderTotal Security< 23.0.24.120
MicrosoftWindows-

Related Weaknesses (CWE)

CWE-427

References

FAQ

What is CVE-2019-14242?

CVE-2019-14242 is a vulnerability with a CVSS score of 6.7 (MEDIUM). An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool versions prior to 6.6.8.115; and Bitdefender Antivirus Plus, Bitdefender Internet Security, and Bitdefen...

How severe is CVE-2019-14242?

CVE-2019-14242 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-14242?

Check the references section above for vendor advisories and patch information. Affected products include: Bitdefender Antivirus Plus, Bitdefender Endpoint Security Tool, Bitdefender Internet Security, Bitdefender Total Security, Microsoft Windows.