Description
An Improper link resolution before file access ('link following') vulnerability in the File Shredder module as used in Bitdefender Total Security and Internet Security on Windows allows a less-privileged local user to elevate rights by leveraging a race conditions via Symbolic Links. This issue affects Total Security: before 27.0.58.315; Internet Security: before 27.0.58.315.
Problem types
CWE-59 Improper link resolution before file access ('link following')
Product status
Any version before 27.0.58.315
Any version before 27.0.58.315
Credits
Anonymous working with TrendAI Zero Day Initiative
References
www.bitdefender.com/...le-access-via-link-following-va-13681