CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2017-6186
https://notcve.org/view.php?id=CVE-2017-6186
21 Mar 2017 — Code injection vulnerability in Bitdefender Total Security 12.0 (and earlier), Internet Security 12.0 (and earlier), and Antivirus Plus 12.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Bitdefender process via a "DoubleAgent" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Imag... • http://cybellum.com/doubleagent-taking-full-control-antivirus • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2010-5154
https://notcve.org/view.php?id=CVE-2010-5154
25 Aug 2012 — Race condition in BitDefender Total Security 2010 13.0.20.347 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program... • http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 10%CPEs: 3EXPL: 1CVE-2007-5775 – BitDefender Online Scanner 8 - ActiveX Heap Overflow
https://notcve.org/view.php?id=CVE-2007-5775
01 Nov 2007 — Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. NOTE: as of 20071029, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. Vulnerabilidad no especificada en BitDefender ejecutar código de su elección a través de vectores no especificados, también conocida como EEYEB-20071024. NOTA: a fecha de 29... • https://www.exploit-db.com/exploits/4663 • CWE-94: Improper Control of Generation of Code ('Code Injection') •