Description
A local privilege escalation vulnerability in Bitdefender Total Security 27.0.46.231 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory (C:\ProgramData\Atc\Feedback) without proper symbolic link validation, enabling arbitrary file deletion. This issue is chained with a file copy operation during network events and a filter driver bypass via DLL injection to achieve arbitrary file copy and code execution as elevated user.
Problem types
CWE-59 Improper Link Resolution Before File Access ('Link Following')
Product status
Any version before 27.10.45.497
Any version before 27.10.45.497
Any version before 27.10.45.497
Credits
Filip Dragovic (@filip_dragovic)
References
www.bitdefender.com/...operation-in-bitdefender-atc-va-12590
