Nov 26 2007

MuZumbu

Highly critical vulnerabilities in BitDefender Online Scanner

Posted at 8:08 am under Secunia

Secunia Advisory: SA27717
Release Date: 2007-11-21
Last Update: 2007-11-22

Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

Software: BitDefender Online Scanner 8.x

CVE reference: CVE-2007-5775

Description:
Greg Linares has reported a vulnerability in BitDefender Online Scanner, which can be exploited by malicious people to compromise a user’s system.

The vulnerability is caused due to an input validation error within the OScan8.ocx / OScan81.ocx ActiveX control when handling arguments passed to the “InitX()” method. This can be exploited to cause a heap-based buffer overflow by prepending two “%” characters to the argument of the affected method.

Successful exploitation allows execution of arbitrary code.

The vulnerability is reported in version 8.0. Other versions may also be affected.
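The trigger condition the advisory gives (an InitX() argument prefixed with two "%" characters, passed to OScan8.ocx or OScan81.ocx) is concrete enough to turn into a static check over saved web pages or proxy-captured HTML. The Python script below is an added example and is not code from the advisory, Secunia, eEye or BitDefender. It assumes, since the advisory does not say how the control is reached, that the control is loaded through an <object> tag whose codebase attribute names the .ocx file and that InitX() is called from script with a string literal; the sample pages are constructed. It only classifies pages by the advisory's trigger pattern and does not load or exercise the control.

```python
import re

# Control file names are taken from the advisory; OScan82.ocx is the patched release.
VULNERABLE_CONTROLS = ("oscan8.ocx", "oscan81.ocx")
PATCHED_CONTROL = "oscan82.ocx"

# Assumption (not stated in the advisory): the control is loaded through an
# <object> tag whose codebase attribute names the .ocx, and InitX() is called
# from script with a string literal as its argument.
OBJECT_RE = re.compile(r'<object\b[^>]*\bcodebase\s*=\s*["\']?([^"\'\s>]+)', re.I)
INITX_RE = re.compile(r'\.InitX\s*\(\s*(["\'])(.*?)\1', re.I | re.S)

# Constructed sample pages for the checks below (not captured traffic).
SAMPLE_PAGES = {
    # Ordinary scanner page: vulnerable control, ordinary InitX() argument.
    "benign": (
        '<object codebase="http://scan.example.invalid/OScan8.ocx#version=8,0,0,0" id="bd"></object>'
        '<script>bd.InitX("scan");</script>'
    ),
    # Page matching the advisory trigger: two "%" characters prepended.
    "attack": (
        '<object codebase="http://evil.example.invalid/OScan81.ocx" id="bd"></object>'
        '<script>bd.InitX("%%' + "A" * 64 + '");</script>'
    ),
    # Page that references only the patched control.
    "patched": (
        '<object codebase="http://scan.example.invalid/OScan82.ocx" id="bd"></object>'
        '<script>bd.InitX("scan");</script>'
    ),
}


def find_controls(html):
    """Return lower-cased base names of .ocx files named in <object> codebase attributes."""
    names = []
    for url in OBJECT_RE.findall(html):
        base = url.rsplit("/", 1)[-1].split("#", 1)[0].lower()
        if base.endswith(".ocx"):
            names.append(base)
    return names


def initx_args(html):
    """Return the string-literal arguments passed to InitX() in the page's script."""
    return [m.group(2) for m in INITX_RE.finditer(html)]


def triggers_overflow(arg):
    """The advisory's trigger: the InitX() argument starts with two '%' characters."""
    return arg.startswith("%%")


def analyse(html):
    """Classify one page by the controls it loads and the InitX() arguments it passes."""
    controls = find_controls(html)
    args = initx_args(html)
    vulnerable = any(c in VULNERABLE_CONTROLS for c in controls)
    if vulnerable and any(triggers_overflow(a) for a in args):
        verdict = "exploit-attempt"
    elif vulnerable:
        verdict = "vulnerable-control"
    elif PATCHED_CONTROL in controls:
        verdict = "patched-control"
    else:
        verdict = "no-bitdefender-control"
    return {"controls": controls, "args": args, "verdict": verdict}


def scan_pages(pages):
    """Map page name -> verdict for a dict of page name -> HTML."""
    return {name: analyse(html)["verdict"] for name, html in pages.items()}


if __name__ == "__main__":
    for name, verdict in scan_pages(SAMPLE_PAGES).items():
        print(f"{name}: {verdict}")
```

The "vulnerable-control" verdict is worth acting on even without a "%%" argument: it means a page still loads the pre-fix control, which is exactly what the vendor patch replaces. A control instantiated by CLSID rather than by codebase, or an InitX() argument built up by string concatenation in script, would not be caught by these two expressions.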

Solution:
Update to the latest version (OScan82.ocx).
http://www.bitdefender.com/scan8/ie.html

Provided and/or discovered by:
Greg Linares, eEye Digital Security
