Vulnerability Description
An Untrusted Search Path vulnerability in the ServiceInstance.dll library versions 1.0.15.119 and lower, as used in Bitdefender Antivirus Free 2020 versions prior to 1.0.15.138, allows an attacker to load an arbitrary DLL file from the search path.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitdefender | Antivirus 2020 | < 1.0.15.138 |
Related Weaknesses (CWE)
References
- https://safebreach.com/Post/BitDefender-Antivirus-Free-2020-Privilege-EscalationThird Party Advisory
- https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vuVendor Advisory
- https://safebreach.com/Post/BitDefender-Antivirus-Free-2020-Privilege-EscalationThird Party Advisory
- https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vuVendor Advisory
FAQ
What is CVE-2019-15295?
CVE-2019-15295 is a vulnerability with a CVSS score of 7.8 (HIGH). An Untrusted Search Path vulnerability in the ServiceInstance.dll library versions 1.0.15.119 and lower, as used in Bitdefender Antivirus Free 2020 versions prior to 1.0.15.138, allows an attacker to ...
How severe is CVE-2019-15295?
CVE-2019-15295 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-15295?
Check the references section above for vendor advisories and patch information. Affected products include: Bitdefender Antivirus 2020.