CVE-2021-4198
published 2022-03-07CVE-2021-4198: A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint…
PriorityP427medium6.1CVSS 3.1
AVLACLPRLUINSUCNILAH
EPSS
0.56%
42.2th percentile
A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects: Bitdefender Total Security versions prior to 26.0.3.29. Bitdefender Internet Security versions prior to 26.0.3.29. Bitdefender Antivirus Plus versions prior to 26.0.3.29. Bitdefender Endpoint Security Tools versions prior to 7.2.2.92. Bitdefender VPN Standalone versions prior to 25.5.0.48.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bitdefender | antivirus_plus | < 26.0.3.29 | 26.0.3.29 |
| bitdefender | antivirus_plus | >= unspecified < 26.0.3.29 | 26.0.3.29 |
| bitdefender | endpoint_security_tools | < 7.2.2.92 | 7.2.2.92 |
| bitdefender | endpoint_security_tools | >= unspecified < 7.2.2.92 | 7.2.2.92 |
| bitdefender | internet_security | < 26.0.3.29 | 26.0.3.29 |
| bitdefender | internet_security | >= unspecified < 26.0.3.29 | 26.0.3.29 |
| bitdefender | total_security | < 26.0.3.29 | 26.0.3.29 |
| bitdefender | total_security | >= unspecified < 26.0.3.29 | 26.0.3.29 |
| bitdefender | vpn_standalone | < 25.5.0.48 | 25.5.0.48 |
| bitdefender | vpn_standalone | >= unspecified < 25.5.0.48 | 25.5.0.48 |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
nvdv2.03.6LOWAV:L/AC:L/Au:N/C:N/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Trendmicro
Is exploiting a null pointer deref for LPE just a pipe dream?
blogs_trendmicro·2022-06-02·CVSS 6.1
[MEDIUM] Is exploiting a null pointer deref for LPE just a pipe dream?
# Is exploiting a null pointer deref for LPE just a pipe dream?
This post explores the question "is exploiting a null pointer deref for LPE just a pipe dream?"
By: Zero Day Initiative
2022/06/02
Read time: ( words)
Save to Folio
A lot of blog posts I have read go over interesting vulnerabilities and exploits but do not typically share the process behind discovery. I want to show how sometimes just manually poking around can quickly uncover vulnerabilities you might miss with other approaches to vulnerability discovery.
In my previous blog, I highlighted a tool named IO Ninja and shared why it is helpful when working with Inter-Process Communications (IPC). In this blog, I would like to show you how this tool helped me find two vulnerabilities: CVE-2021-4198 and CVE-2021-4199 in Bitde
Trendmicro
Is exploiting a null pointer deref for LPE just a pipe dream?
blogs_trendmicro·2022-06-02·CVSS 6.1
[MEDIUM] Is exploiting a null pointer deref for LPE just a pipe dream?
## Is exploiting a null pointer deref for LPE just a pipe dream?
This post explores the question "is exploiting a null pointer deref for LPE just a pipe dream?"
By: Zero Day Initiative 2022/06/02 Read time: ( words)
Save to Folio
A lot of blog posts I have read go over interesting vulnerabilities and exploits but do not typically share the process behind discovery. I want to show how sometimes just manually poking around can quickly uncover vulnerabilities you might miss with other approaches to vulnerability discovery.
In my previous blog , I highlighted a tool named IO Ninja and shared why it is helpful when working with Inter-Process Communications (IPC). In this blog, I would like to show you how this tool helped me find two vulnerabilities: CVE-2021-4198 and CVE-2021-4199 in Bitd
Trendmicro
Is exploiting a null pointer deref for LPE just a pipe dream?
blogs_trendmicro·2022-06-02·CVSS 6.1
[MEDIUM] Is exploiting a null pointer deref for LPE just a pipe dream?
## Is exploiting a null pointer deref for LPE just a pipe dream?
This post explores the question "is exploiting a null pointer deref for LPE just a pipe dream?"
By: Zero Day Initiative Jun 02, 2022 Read time: ( words)
Save to Folio
A lot of blog posts I have read go over interesting vulnerabilities and exploits but do not typically share the process behind discovery. I want to show how sometimes just manually poking around can quickly uncover vulnerabilities you might miss with other approaches to vulnerability discovery.
In my previous blog , I highlighted a tool named IO Ninja and shared why it is helpful when working with Inter-Process Communications (IPC). In this blog, I would like to show you how this tool helped me find two vulnerabilities: CVE-2021-4198 and CVE-2021-4199 in Bi
Wiz
CVE-2025-7073 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2025-7073 [HIGH] CVE-2025-7073 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-7073 :
Bitdefender Internet Security vulnerability analysis and mitigation
A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory (C:\ProgramData\Atc\Feedback) without proper symbolic link validation, enabling arbitrary file deletion. This issue is chained with a file copy operation during network events and a filter driver bypass via DLL injection to achieve arbitrary file copy and code execution as elevated user.
Source : NVD
## 8.8
Score
Published December 10, 2025
Severity HIGH
CNA Score 8.8
Affected Technologies
Bitdefender Internet Security
Bitdefender Endpoint Security Too
https://www.bitdefender.com/support/security-advisories/messaging_ipc-dll-null-pointer-dereference-in-multiple-bitdefender-products-va-10016/https://www.zerodayinitiative.com/advisories/ZDI-22-483/https://www.bitdefender.com/support/security-advisories/messaging_ipc-dll-null-pointer-dereference-in-multiple-bitdefender-products-va-10016/https://www.zerodayinitiative.com/advisories/ZDI-22-483/
2022-03-07
Published