{"api_version":"1","generated_at":"2026-05-13T11:15:36+00:00","cve":"CVE-2019-15295","urls":{"html":"https://cve.report/CVE-2019-15295","api":"https://cve.report/api/cve/CVE-2019-15295.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-15295","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-15295"},"summary":{"title":"CVE-2019-15295","description":"An Untrusted Search Path vulnerability in the ServiceInstance.dll library versions 1.0.15.119 and lower, as used in Bitdefender Antivirus Free 2020 versions prior to 1.0.15.138, allows an attacker to load an arbitrary DLL file from the search path.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2019-08-21 18:15:00","updated_at":"2019-08-28 15:54:00"},"problem_types":["CWE-426"],"metrics":[],"references":[{"url":"https://safebreach.com/Post/BitDefender-Antivirus-Free-2020-Privilege-Escalation-to-SYSTEM","name":"https://safebreach.com/Post/BitDefender-Antivirus-Free-2020-Privilege-Escalation-to-SYSTEM","refsource":"MISC","tags":["Third Party Advisory"],"title":"BitDefender Antivirus Free 2020 - Privilege Escalation to SYSTEM","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-serviceinstance-dll-bitdefender-antivirus-free-2020/","name":"https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-serviceinstance-dll-bitdefender-antivirus-free-2020/","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Untrusted Search Path vulnerability in ServiceInstance.dll (Bitdefender Antivirus Free 2020) - Bitdefender","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-15295","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-15295","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"15295","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitdefender","cpe5":"antivirus_2020","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"free","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"15295","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bitdefender","cpe5":"antivirus_2020","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"free","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2019-15295","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An Untrusted Search Path vulnerability in the ServiceInstance.dll library versions 1.0.15.119 and lower, as used in Bitdefender Antivirus Free 2020 versions prior to 1.0.15.138, allows an attacker to load an arbitrary DLL file from the search path."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","name":"https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-serviceinstance-dll-bitdefender-antivirus-free-2020/","url":"https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-serviceinstance-dll-bitdefender-antivirus-free-2020/"},{"refsource":"MISC","name":"https://safebreach.com/Post/BitDefender-Antivirus-Free-2020-Privilege-Escalation-to-SYSTEM","url":"https://safebreach.com/Post/BitDefender-Antivirus-Free-2020-Privilege-Escalation-to-SYSTEM"}]}},"nvd":{"publishedDate":"2019-08-21 18:15:00","lastModifiedDate":"2019-08-28 15:54:00","problem_types":["CWE-426"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":9.3},"severity":"HIGH","exploitabilityScore":8.6,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:bitdefender:antivirus_2020:*:*:*:*:free:*:*:*","versionEndExcluding":"1.0.15.138","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"15295","Ordinal":"154706","Title":"CVE-2019-15295","CVE":"CVE-2019-15295","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"15295","Ordinal":"1","NoteData":"An Untrusted Search Path vulnerability in the ServiceInstance.dll library versions 1.0.15.119 and lower, as used in Bitdefender Antivirus Free 2020 versions prior to 1.0.15.138, allows an attacker to load an arbitrary DLL file from the search path.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"15295","Ordinal":"2","NoteData":"2019-08-21","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"15295","Ordinal":"3","NoteData":"2019-08-26","Type":"Other","Title":"Modified"}]}}}