The Bitdefender GravityZone installer suffers from a signature bypass issue that allows for code execution.
fb4f2c303fb26dbec83a73792998329051382c1f4c7fca1e1fe8417ff62ba2e5
We recently identified a vulnerability in the digitally signed
Bitdefender GravityZone installer.
The vulnerability allows an attacker to execute malicious code without
breaking the original digital signature, and without embedding anything
malicious into the installer itself.
This means that an appropriately positioned attacker can cause the
signed installer to run an arbitrary remotely hosted executable.
For more information regarding these issues please visit:
https://labs.nettitude.com/blog/cve-2018-8955-bitdefender-gravityzone-arbitrary-code-execution/
Cheers,
kyREcon