BitDefender Client Professional Plus Settings Local Format String Vulnerability

BitDefender Client Professional Plus Settings Local Format String Vulnerability

BitDefender Client Professional Plus is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before using it in the format-specifier argument to a formatted-printing function.

Successfully exploiting this vulnerability may allow an attacker to execute arbitrary machine code with SYSTEM-level privileges or to crash the application.

BitDefender Client Professional Plus build 8.02 and prior versions are vulnerable to this issue.