How severe is CVE-2017-6186?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2017-6186?

This is classified as CWE-94, which is a common weakness in software security.

CVE-2017-6186 - MEDIUM Severity | CVSS 6.7

Vulnerability Description

Code injection vulnerability in Bitdefender Total Security 12.0 (and earlier), Internet Security 12.0 (and earlier), and Antivirus Plus 12.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Bitdefender process via a "DoubleAgent" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack.

Related Vulnerabilities

CVE-2018-3686

MEDIUM

CVSS:6.7(Medium)

Code injection vulnerability in INTEL-SA-00086 Detection Tool before version 1.2.7.0 may allow a privileged user to potentially execute arbitrary code via local access.

CWE-942018

CVE-2018-3700

MEDIUM

CVSS:6.7(Medium)

Code injection vulnerability in the installer for Intel(R) USB 3.0 eXtensible Host Controller Driver for Microsoft Windows 7 before version 5.0.4.43v2 may allow a user to potentially enable escalation...

CWE-942018

CVE-2020-8140

MEDIUM

CVSS:6.7(Medium)

A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment.

CWE-942020

CVE-2021-3411

MEDIUM

CVSS:6.7(Medium)

A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerabilit...

CWE-942021

CVE-2022-29813

MEDIUM

CVSS:6.7(Medium)

In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible

CWE-942022

CVE-2022-29815

MEDIUM

CVSS:6.7(Medium)

In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible

CWE-942022