Bugtraq mailing list archives

Re: BitDefender Scan Online(ActiveX) - Remote File Download & Execute & Private Information Disclosure


From: Sami POTIRCA <spotirca () bitdefender com>
Date: Tue, 20 Apr 2004 16:22:23 +0300

On Mon, 2004-04-19 at 10:55, Rafel Ivgi, The-Insider wrote:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application:  BitDefender Scan Online(ActiveX)
Vendors:        http://www.bitdefender.com/scan/Msie/index.php
Platforms:      Windows
Bug:                Remote File Download & Execute & Private Information Disclosure
Risk:                High - Running Arbitrary Code
Exploitation:   Remote with browser
Date:               19 Apr 2004
Author:           Rafel Ivgi, The-Insider
e-mail:             the_insider () mail com
web:                http://theinsider.deep-ice.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The problem was solved yesterday, the ActiveX control was updated. In
order to apply the update, a user has to access the scan online webpage
(on bitdefender.com or partner sites) and allow the update.

Btw... it would have been really nice not to expose users to this 
vulnerability and let us know prior to making it public.

--
Sami POTIRCA
BitDefender Linux Project Manager
-------------------------------------
SOFTWIN
Data Security Division
-------------------------------------
e-mail: oconstantin () bitdefender com
phone: +(4021) 233 18 52; 233 07 80
fax: (+4021) 233.07.63
Bucharest, ROMANIA
http://www.bitdefender.com
http://www.softwin.ro
-------------------------------------
secure your every bit
-------------------------------------

Attachment: signature.asc
Description: This is a digitally signed message part

