CVE-2020-8107

Process Control vulnerability in Bitdefender Antivirus Plus

Description

A Process Control vulnerability in ProductAgentUI.exe as used in Bitdefender Antivirus Plus allows an attacker to tamper with product settings via a specially crafted DLL file. This issue affects: Bitdefender Antivirus Plus versions prior to 24.0.26.136. Bitdefender Internet Security versions prior to 24.0.26.136. Bitdefender Total Security versions prior to 24.0.26.136.

Remediation

Solution:

An automatic update to version 24.0.26.136 fixes the issue.

References

Link	Tags
https://www.bitdefender.com/support/security-advisories/process-control-vulnerability-bitdefender-antivirus-plus-va-8709/	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2020-8107?: CVE-2020-8107 has been scored as a high severity vulnerability.
How to fix CVE-2020-8107?: To fix CVE-2020-8107: An automatic update to version 24.0.26.136 fixes the issue.
Is CVE-2020-8107 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2020-8107 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2020-8107?: CVE-2020-8107 affects Bitdefender Antivirus Plus, Bitdefender Internet Security, Bitdefender Total Security.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Remediation

Category

CWE-114 – Process Control

References

Frequently Asked Questions