April 26th, 2004, 12:10 PM
#1
Vulnerability in BitDefender Online Scan
From "The SANS Institute Security Vulnerability Alert"
(4) MODERATE: BitDefender Scan Online Remote Code Execution
Affected: BitDefender Scan Online, assumed current version
Description: BitDefender Scan Online is a web-based anti-virus solution,
which claims to scan a client's computer for over 70,000 viruses and
trojans. The software installs an ActiveX object,
"AVXSCANONLINE.AvxScanOnlineCtrl.1", on a client's computer. This
ActiveX object contains a remote code execution vulnerability. A
malicious web page or an HTML email can invoke the ActiveX object's
"RequestFile" method to download and execute arbitrary code on the
client computer. The code would execute at the privilege level of the
currently logged-on user. A proof-of-concept exploit has been posted.
Status: Vendor confirmed, update available. Clients who have scanned
their systems online using BitDefender should upgrade to the new version
of the ActiveX control.
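
Added example, not part of the original post or the SANS alert: a read-only PowerShell check that reports whether the control named in the alert is registered on a Windows machine, which file backs it, and whether an Internet Explorer kill bit is set for it. The ProgID comes from the alert; the function name `Get-ActiveXControlStatus` is hypothetical, and the registry locations are the standard COM registration and "ActiveX Compatibility" keys, assumed to apply to this control.

```powershell
# Added example: inventory check for the ActiveX control named in the alert.
# Read-only. The ProgID is from the alert; the paths are standard COM layout (assumption).
function Get-ActiveXControlStatus {
    param([Parameter(Mandatory)][string]$ProgId)

    $status = [ordered]@{
        ProgId = $ProgId; Registered = $false; Clsid = $null
        BinaryPath = $null; FileVersion = $null; KillBitSet = $false
    }

    # HKEY_CLASSES_ROOT merges per-user and per-machine COM registrations.
    $progKey = "Registry::HKEY_CLASSES_ROOT\$ProgId\CLSID"
    if (-not (Test-Path -LiteralPath $progKey)) { return [pscustomobject]$status }

    $clsid = (Get-Item -LiteralPath $progKey).GetValue('')
    if (-not $clsid) { return [pscustomobject]$status }
    $status.Registered = $true
    $status.Clsid = $clsid

    # Resolve the binary that implements the control and read its file version,
    # so it can be compared against the vendor's updated release.
    $serverKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
    if (Test-Path -LiteralPath $serverKey) {
        $path = [string](Get-Item -LiteralPath $serverKey).GetValue('')
        $path = $path.Trim('"')
        $status.BinaryPath = $path
        if ($path -and (Test-Path -LiteralPath $path)) {
            $status.FileVersion = (Get-Item -LiteralPath $path).VersionInfo.FileVersion
        }
    }

    # Kill bit: "Compatibility Flags" with 0x400 set stops IE from instantiating the control.
    # Check both the native and the 32-bit (WOW6432Node) registry views.
    $roots = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    foreach ($root in $roots) {
        $killKey = Join-Path $root $clsid
        if (Test-Path -LiteralPath $killKey) {
            $flags = (Get-Item -LiteralPath $killKey).GetValue('Compatibility Flags', 0)
            if (([int]$flags -band 0x400) -ne 0) { $status.KillBitSet = $true }
        }
    }
    return [pscustomobject]$status
}

Get-ActiveXControlStatus -ProgId 'AVXSCANONLINE.AvxScanOnlineCtrl.1' | Format-List
```

The alert gives no fixed version number, so the script only reports what is installed; a machine showing `Registered = True` still needs the vendor's updated control.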