Multiple BitDefender Products Parsing Engine Integer Overflow Vulnerability
BID:21610
Info
Multiple BitDefender Products Parsing Engine Integer Overflow Vulnerability
| Bugtraq ID: | 21610 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 15 2006 12:00AM |
| Updated: | Dec 15 2006 12:00AM |
| Credit: | Sergio Alvarez is credited with the discovery of this issue. |
| Vulnerable: |
BitDefender Online Scanner 0 BitDefender Mail Protection for Enterprise 0 BitDefender Internet Security 0 BitDefender for MS Exchange 5.5 0 BitDefender for MS Exchange 2003 0 BitDefender for MS Exchange 2000 0 BitDefender for ISA Server 0 BitDefender Antivirus Plus 0 BitDefender AntiVirus 0 |
| Not Vulnerable: | |
Discussion
Multiple BitDefender Products Parsing Engine Integer Overflow Vulnerability
Multiple BitDefender products are prone to an integer-overflow vulnerability because the application fails to ensure that integer values are not overrun.
An attacker can exploit this issue to execute arbitrary code with administrative privileges, facilitating the complete compromise of the affected application. Failed exploit attempts will result in a denial of service.
Multiple BitDefender products are prone to an integer-overflow vulnerability because the application fails to ensure that integer values are not overrun.
An attacker can exploit this issue to execute arbitrary code with administrative privileges, facilitating the complete compromise of the affected application. Failed exploit attempts will result in a denial of service.
Exploit / POC
Multiple BitDefender Products Parsing Engine Integer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution / Fix
Multiple BitDefender Products Parsing Engine Integer Overflow Vulnerability
Solution:
The vendor has released patches to address this issue. The vendor states that the application's automatic update feature should install the patches.
Solution:
The vendor has released patches to address this issue. The vendor states that the application's automatic update feature should install the patches.
References
Multiple BitDefender Products Parsing Engine Integer Overflow Vulnerability
References:
References:
- BitDefender Homepage (BitDefender)
- cevakrnl.xmd vulnerability (BitDefender)
- BitDefender AV Packed PE File Parsing Engine Heap Overflow ([email protected])