CVE-2020-8094
Published: 15 January 2025
Description
An untrusted search path vulnerability in testinitsigs.exe as used in Bitdefender Antivirus Free 2020 allows a low-privilege attacker to execute code as SYSTEM via a specially crafted DLL file.
Security Summary
CVE-2020-8094 is an untrusted search path vulnerability (CWE-426) affecting the testinitsigs.exe component in Bitdefender Antivirus Free 2020. The executable searches untrusted directories for DLLs before secure paths, so a malicious DLL placed in one of those directories is loaded and its code executed.
A low-privilege local attacker can exploit this vulnerability by placing a specially crafted DLL file in an untrusted search path location. When a user runs testinitsigs.exe, it loads the attacker's DLL instead of the legitimate one, enabling arbitrary code execution with SYSTEM privileges. The CVSS v3.1 base score is 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H): local access, low attack complexity, no privileges required, and user interaction required, with high impact on confidentiality, integrity, and availability.
Bitdefender has published security advisory VA-8422 detailing the untrusted search path vulnerability in Antivirus Free 2020, available at https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-bitdefender-antivirus-free-2020-va-8422/. Practitioners should consult this advisory for patch information and mitigation guidance.
Details
- CWE(s)