CVE-2018-8955 – Bitdefender GravityZone – Arbitrary Code Execution

  • CVE-2018-8955
  • Reported by Kyriakos Economou (@kyREcon)
  • Date of discovery: 18 March 2018
  • Bitdefender informed: 19 March 2018
  • Bitdefender acknowledged vulnerability: 20 March 2018
  • Bitdefender marked the vulnerability as severe: 29 March 2018
  • Bitdefender requested extra time to address certificates revocation: 12 April 2018
  • Public Disclosure: 16 October 2018

Identified a vulnerability in the digitally signed Bitdefender GravityZone installer which allows an attacker to execute malicious code without breaking the original digital signature, and without embedding anything malicious into the installer itself.

This means that an appropriately positioned attacker can cause the signed installer to run an arbitrary remotely hosted executable.

Nettitude – Exploitation Write-up (PDF)

All Rights R3v3rs3d