Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-8103 PoC — Link Resolution Privilege Escalation Vulnerability in Bitdefender Antivirus Free (VA-8604)

Source
https://github.com/RedyOpsResearchLabs/-CVE-2020-8103-Bitdefender-Antivirus-Free-EoP
Associated Vulnerability
Title:Link Resolution Privilege Escalation Vulnerability in Bitdefender Antivirus Free (VA-8604) (CVE-2020-8103)
Description:A vulnerability in the improper handling of symbolic links in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects Bitdefender Antivirus Free versions prior to 1.0.17.178.
Description
CVE-2020-8103 Link Resolution Privilege Escalation Vulnerability in Bitdefender Antivirus Free
Readme
# CVE-2020-8103 Exploit

The write up can be found in the blog of the RedyOps Labs: 

https://labs.redyops.com/index.php/2020/04/24/bitdefender-antivirus-free-escalation-of-privileges/ 

### Third Party Tools
This exploit code, is heavily based on symboliclink-testing-tools which was Developed by James Forshaw. The symboliclink-testing-tools can be found here:

https://github.com/googleprojectzero/symboliclink-testing-tools
File Snapshot

 [4.0K]  /data/pocs/d22b8434ff6af3df2c84e036ff0b48a97f7dda44
├── [ 16M]  BitDefender EoP (CVE-2020-8103).mkv
├── [ 428]  README.md
└── [4.0K]  src
    └── [4.0K]  BitDefender Free
        ├── [1.5K]  BitDefender Free.sln
        ├── [4.0K]  CommonUtils
        │   ├── [3.7K]  CommonUtils.cpp
        │   ├── [1.0K]  CommonUtils.h
        │   ├── [4.8K]  CommonUtils.vcxproj
        │   ├── [2.7K]  CommonUtils.vcxproj.filters
        │   ├── [ 168]  CommonUtils.vcxproj.user
        │   ├── [2.0K]  DirectoryObject.cpp
        │   ├── [4.5K]  FileOpLock.cpp
        │   ├── [ 789]  FileOpLock.h
        │   ├── [5.0K]  FileSymlink.cpp
        │   ├── [ 588]  FileSymlink.h
        │   ├── [1.6K]  Hardlink.cpp
        │   ├── [2.0K]  NativeSymlink.cpp
        │   ├── [2.2K]  ntimports.h
        │   ├── [5.2K]  RegistrySymlink.cpp
        │   ├── [ 13K]  ReparsePoint.cpp
        │   ├── [1.2K]  ReparsePoint.h
        │   ├── [1.8K]  ScopedHandle.cpp
        │   ├── [ 498]  ScopedHandle.h
        │   ├── [ 298]  stdafx.cpp
        │   ├── [ 270]  stdafx.h
        │   ├── [ 314]  targetver.h
        │   └── [1.3K]  typed_buffer.h
        └── [4.0K]  Exploit
            ├── [4.0K]  Exploit.cpp
            ├── [1.2K]  Exploit.filters
            ├── [ 168]  Exploit.user
            ├── [5.0K]  Exploit.vcxproj
            ├── [ 168]  Exploit.vcxproj.user
            ├── [ 300]  stdafx.cpp
            ├── [ 462]  stdafx.h
            └── [ 314]  targetver.h

4 directories, 33 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →