|CVSS SCORE||6.6, (AV:L/AC:M/Au:S/C:C/I:C/A:C)|
The specific flaw exists within processing of the 0x8000e038 IOCTL by the bdfwfpf device driver. A crafted buffer sent to the DeviceIoControl API can cause the corruption of pool memory in the kernel because of an integer overflow in the calculation of length for a memcpy command. An attacker can leverage this vulnerability execute arbitrary code in the context of SYSTEM.
Bitdefender has issued an update to correct this vulnerability. More details can be found at:
|CREDIT||bear13oy of CloverSec Labs