Solve : BitDefender Online Scanner ActiveX Control Buffer Overflow - Highly critical!!!?

TITLE:
BitDefender Online Scanner ActiveX Control Buffer Overflow

SECUNIA ADVISORY ID:
SA27717

VERIFY ADVISORY:
http://secunia.com/advisories/27717/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

REVISION:
1.1 originally posted 2007-11-21

SOFTWARE:
BitDefender Online Scanner 8.x
http://secunia.com/product/16611/

DESCRIPTION:
Greg Linares has reported a vulnerability in BitDefender Online
Scanner, which can be exploited by malicious people to compromise a
user's system.

The vulnerability is caused due to an input validation error within
the OScan8.ocx / OScan81.ocx ActiveX control when handling arguments
passed to the "InitX()" method. This can be exploited to cause a
heap-based buffer overflow by prepending two "%" characters to the
argument of the affected method.

Successful exploitation allows execution of arbitrary code.

The vulnerability is reported in version 8.0. Other versions may also
be affected.

SOLUTION:
Update to the latest version (OScan82.ocx).
http://www.bitdefender.com/scan8/ie.html

