Thread-topic: [SA27717] BitDefender Online Scanner ActiveX Control Buffer Overflow
> ----------------------------------------------------------------------
>
> TITLE:
> BitDefender Online Scanner ActiveX Control Buffer Overflow
>
> SECUNIA ADVISORY ID:
> SA27717
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/27717/
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> System access
>
> WHERE:
> From remote
>
> REVISION:
> 1.1 originally posted 2007-11-21
>
> SOFTWARE:
> BitDefender Online Scanner 8.x
> http://secunia.com/product/16611/
>
> DESCRIPTION:
> Greg Linares has reported a vulnerability in BitDefender Online
> Scanner, which can be exploited by malicious people to compromise a
> user's system.
>
> The vulnerability is caused due to an input validation error within
> the OScan8.ocx / OScan81.ocx ActiveX control when handling arguments
> passed to the "InitX()" method. This can be exploited to cause a
> heap-based buffer overflow by prepending two "%" characters to the
> argument of the affected method.
>
> Successful exploitation allows execution of arbitrary code.
>
> The vulnerability is reported in version 8.0. Other versions may also
> be affected.
>
> SOLUTION:
> Update to the latest version (OScan82.ocx).
> http://www.bitdefender.com/scan8/ie.html
>
> PROVIDED AND/OR DISCOVERED BY:
> Greg Linares, eEye Digital Security
>
> CHANGELOG:
> 2007-11-22: Added CVE identifier.
>
> ORIGINAL ADVISORY:
> http://research.eeye.com/html/advisories/published/AD20071120.html
>