A vulnerability has been discovered in Bitdefender SafePay, which could allow for remote code execution. Bitdefender Safepay is a protected web browser designed to secure sensitive online transactions such as online-banking and e-shopping. Successful exploitation of this vulnerability could allow an attacker to execute commands remotely in the context of the user on the system.Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. If the current user has been configured to have fewer rights on the system, exploitation of the vulnerability can have less impact than if it was configured with administrative rights.
Recommendations
Apply the stable channel update provided by Bitdefender to vulnerable systems immediately after appropriate testing. Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources. Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources. Apply the Principle of Least Privilege to all systems and services.
