BitDefender AvxScanOnline ActiveX Control Arbitrary File Execution

2004-04-20T08:01:22
ID OSVDB:5549
Type osvdb
Reporter Rafel Ivgi(theinsider@012.net.il)
Modified 2004-04-20T08:01:22

Description

Vulnerability Description

AvxScanOnline contains a flaw in Atctive X control that may allow a remote attacker to execute arbitrary files. The issue is due to insecure method ("RequestFile()") in Active control. By tricking the user into visiting a malicious website, a remote attacker may download a remote file and execute it on the user's system, resulting in a loss of confidentiality, integrity, and availability.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, BitDefender has released a patch to address this vulnerability.

Short Description

AvxScanOnline contains a flaw in Atctive X control that may allow a remote attacker to execute arbitrary files. The issue is due to insecure method ("RequestFile()") in Active control. By tricking the user into visiting a malicious website, a remote attacker may download a remote file and execute it on the user's system, resulting in a loss of confidentiality, integrity, and availability.

References:

Vendor URL: http://www.bitdefender.com/ Secunia Advisory ID:11427 Mail List Post: http://seclists.org/lists/bugtraq/2004/Apr/0267.html Mail List Post: http://seclists.org/lists/bugtraq/2004/Apr/0245.html ISS X-Force ID: 15911