BitDefender Client Professional Plus Settings Local Format String Vulnerability
BID:22128
Info
| Bugtraq ID: | 22128 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 19 2007 12:00AM |
| Updated: | Jan 25 2007 04:13PM |
| Credit: | Deral Heiland from Layered Defense Research discovered this issue. |
| Vulnerable: | BitDefender BitDefender Client Professional 8.02 |
| Not Vulnerable: | |
Discussion
BitDefender Client Professional Plus is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before using it in the format-specifier argument to a formatted-printing function.
Successfully exploiting this vulnerability may allow an attacker to execute arbitrary machine code with SYSTEM-level privileges or to crash the application.
BitDefender Client Professional Plus build 8.02 and prior versions are vulnerable to this issue.
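The bug class described above, as an added C example (not BitDefender's code and not part of the original advisory): the same untrusted string passed as the format argument and then as data to a constant format, plus a small audit helper. The function names and sample strings are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Lets the deliberately unsafe "before" compile under strict flags;
   production builds should use -Wformat -Werror=format-security. */
#pragma GCC diagnostic ignored "-Wformat-security"

/* BEFORE: untrusted text is passed as the format argument, so every
   '%' in it is interpreted as a conversion specification. */
int render_unsafe(char *out, size_t n, const char *untrusted) {
    return snprintf(out, n, untrusted);
}

/* AFTER: constant format string; untrusted text is only ever data. */
int render_safe(char *out, size_t n, const char *untrusted) {
    return snprintf(out, n, "%s", untrusted);
}

/* Audit helper: count '%' sequences that would consume an argument
   (everything except the literal-percent escape "%%"). */
size_t count_conversions(const char *s) {
    size_t count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        count++;
    }
    return count;
}

int main(void) {
    /* Constructed sample values standing in for a user-editable setting. */
    const char *samples[] = { "quota 100%% used", "name=%x.%x.%n" };
    char a[64], b[64];
    for (size_t i = 0; i < 2; i++) {
        size_t c = count_conversions(samples[i]);
        render_safe(b, sizeof b, samples[i]);
        printf("input=[%s] conversions=%zu safe=[%s]", samples[i], c, b);
        /* Only call the unsafe form when no argument would be read. */
        if (c == 0) {
            render_unsafe(a, sizeof a, samples[i]);
            printf(" unsafe=[%s]", a);
        }
        putchar('\n');
    }
    return 0;
}
```

The first sample shows the unsafe call rewriting the input (`%%` collapses to `%`), which is the visible sign that the string is being parsed as a format; the second is only ever rendered through the constant-format path.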
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Solution:
The vendor has released patches to address this issue. The vendor states that the application's automatic update feature should install the patches.
References
References:
- BitDefender Homepage (BitDefender)
- Format string vulnerability (BitDefender)
- Layered Defense Research Advisory: BitDefender Client 8.02 Format String Vulnera (Layered Defense)