BitDefender Online Scanner OScan.OCX ActiveX Control Heap Buffer Overflow Vulnerability
BID:26210
Info
BitDefender Online Scanner OScan.OCX ActiveX Control Heap Buffer Overflow Vulnerability
| Bugtraq ID: | 26210 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-5775 CVE-2007-6189 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 25 2007 12:00AM |
| Updated: | Dec 18 2007 08:05PM |
| Credit: | Greg Linares is credited with the discovery of this vulnerability. |
| Vulnerable: |
BitDefender Online Scanner 8 |
| Not Vulnerable: | |
Discussion
BitDefender Online Scanner OScan.OCX ActiveX Control Heap Buffer Overflow Vulnerability
BitDefender Online Scanner is prone a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
BitDefender Online Scanner is prone a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
Exploit / POC
BitDefender Online Scanner OScan.OCX ActiveX Control Heap Buffer Overflow Vulnerability
The following exploit is available:
The following exploit is available:
Solution / Fix
BitDefender Online Scanner OScan.OCX ActiveX Control Heap Buffer Overflow Vulnerability
Solution:
The vendor released an update to address this issue. Please see the references for more information.
Solution:
The vendor released an update to address this issue. Please see the references for more information.
References
BitDefender Online Scanner OScan.OCX ActiveX Control Heap Buffer Overflow Vulnerability
References:
References:
- BitDefender Homepage (BitDefender)
- Microsoft Knowledge Base Article 240797 (Microsoft)
- EEYE: BitDefender Online Scanner 8 Double Decode Heap Overflow ('eEye Advisories'
) - BitDefender Online Scanner 8 Double Decode Heap Overflow (eEye Research)