cve/CVE-2018-8955.md at c42a8175e7a919537d1a63deb490ade8c3ea0285

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-06-01 03:00:54 +00:00

0xMarcio 49bdc782b3 Update Sun May 26 14:27:04 CEST 2024

2024-05-26 14:27:05 +02:00

Description

The installer for BitDefender GravityZone relies on an encoded string in a filename to determine the URL for installation metadata, which allows remote attackers to execute arbitrary code by changing the filename while leaving the file's digital signature unchanged.

POC

Reference

http://packetstormsecurity.com/files/149900/Bitdefender-GravityZone-Installer-Signature-Bypass-Code-Execution.html
https://labs.nettitude.com/blog/cve-2018-8955-bitdefender-gravityzone-arbitrary-code-execution/

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/lnick2023/nicenice
https://github.com/qazbnm456/awesome-cve-poc
https://github.com/xbl3/awesome-cve-poc_qazbnm456

1.0 KiB Raw Blame History

CVE-2018-8955

Description

POC

Reference

Github

1.0 KiB

Raw Blame History