BitDefender Online Anti-Virus Scanner ActiveX OScan8.ocx / OScan8.ocx InitX Method Arbitrary Code Execution

This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an ActiveX control that is affected by a
buffer overflow vulnerability.

Description :

The remote host contains the 'BDSCANONLINE' ActiveX control, used by
the BitDefender Online Scanner, a web-based virus scanner.

The version of this control installed on the remote host fails to
properly validate Unicode values passed to the 'InitX' function as a
domain key. If a remote attacker can trick a user on the affected
host into visiting a specially crafted web page, these issues could be
leveraged to allocate arbitrary heap-based memory and overwrite memory
within the Internet Explorer or host ActiveX process, which could
result in execution of arbitrary code on the host subject to the
user's privileges.

See also :

http://research.eeye.com/html/advisories/published/AD20071120.html
http://www.securityfocus.com/archive/1/483986/30/0/threaded

Solution :

The vendor has reportedly released an update that can be obtained
by visiting the URL below, running a scan, and allowing the scanner to
update the antivirus engine :

http://www.bitdefender.com/scan8/ie.html

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 28332 (bitdefender_oscan8_activex_double_decode_overflow.nasl)

Bugtraq ID: 26210

CVE ID: CVE-2007-5775

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now