Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-8103 PoC — Bitdefender Antivirus Free 后置链接漏洞

Source
https://github.com/RedyOpsResearchLabs/-CVE-2020-8103-Bitdefender-Antivirus-Free-EoP
Associated Vulnerability
Title:Bitdefender Antivirus Free 后置链接漏洞 (CVE-2020-8103)
Description:Bitdefender Antivirus Free是罗马尼亚比特梵德(Bitdefender)公司的一套主要提供网络威胁检测和勒索软件防护功能的免费版本杀毒软件。 Bitdefender Antivirus Free 1.0.17.178之前版本中存在后置链接漏洞,该漏洞源于程序没有正确处理符号链接。攻击者可利用该漏洞替换隔离文件,并将其恢复到需要较高权限的位置。
Description
CVE-2020-8103 Link Resolution Privilege Escalation Vulnerability in Bitdefender Antivirus Free
Readme
# CVE-2020-8103 Exploit

The write up can be found in the blog of the RedyOps Labs: 

https://labs.redyops.com/index.php/2020/04/24/bitdefender-antivirus-free-escalation-of-privileges/ 

### Third Party Tools
This exploit code, is heavily based on symboliclink-testing-tools which was Developed by James Forshaw. The symboliclink-testing-tools can be found here:

https://github.com/googleprojectzero/symboliclink-testing-tools
File Snapshot

 [4.0K]  /data/pocs/d22b8434ff6af3df2c84e036ff0b48a97f7dda44
├── [ 16M]  BitDefender EoP (CVE-2020-8103).mkv
├── [ 428]  README.md
└── [4.0K]  src
    └── [4.0K]  BitDefender Free
        ├── [1.5K]  BitDefender Free.sln
        ├── [4.0K]  CommonUtils
        │   ├── [3.7K]  CommonUtils.cpp
        │   ├── [1.0K]  CommonUtils.h
        │   ├── [4.8K]  CommonUtils.vcxproj
        │   ├── [2.7K]  CommonUtils.vcxproj.filters
        │   ├── [ 168]  CommonUtils.vcxproj.user
        │   ├── [2.0K]  DirectoryObject.cpp
        │   ├── [4.5K]  FileOpLock.cpp
        │   ├── [ 789]  FileOpLock.h
        │   ├── [5.0K]  FileSymlink.cpp
        │   ├── [ 588]  FileSymlink.h
        │   ├── [1.6K]  Hardlink.cpp
        │   ├── [2.0K]  NativeSymlink.cpp
        │   ├── [2.2K]  ntimports.h
        │   ├── [5.2K]  RegistrySymlink.cpp
        │   ├── [ 13K]  ReparsePoint.cpp
        │   ├── [1.2K]  ReparsePoint.h
        │   ├── [1.8K]  ScopedHandle.cpp
        │   ├── [ 498]  ScopedHandle.h
        │   ├── [ 298]  stdafx.cpp
        │   ├── [ 270]  stdafx.h
        │   ├── [ 314]  targetver.h
        │   └── [1.3K]  typed_buffer.h
        └── [4.0K]  Exploit
            ├── [4.0K]  Exploit.cpp
            ├── [1.2K]  Exploit.filters
            ├── [ 168]  Exploit.user
            ├── [5.0K]  Exploit.vcxproj
            ├── [ 168]  Exploit.vcxproj.user
            ├── [ 300]  stdafx.cpp
            ├── [ 462]  stdafx.h
            └── [ 314]  targetver.h

4 directories, 33 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.