The malware scan function in Total Defense Anti-virus 11.5.2.28 is vulnerable to a TOCTOU bug; consequently, symbolic link attacks allow privileged files to be deleted.
The product checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Anti-virus | Totaldefense | 11.5.2.28 (including) | 11.5.2.28 (including) |