Vulnerabilities

CVE-2018-8955

by Fred · 24/10/2018

The installer for BitDefender GravityZone relies on an encoded string in a filename to determine the URL for installation metadata, which allows remote attackers to execute arbitrary code by changing the filename while leaving the file’s digital signature unchanged.

Date published : 2018-10-24

http://seclists.org/fulldisclosure/2018/Oct/44

http://packetstormsecurity.com/files/149900/Bitdefender-GravityZone-Installer-Signature-Bypass-Code-Execution.html

Similar

Tags: Cybersecurity Alert