BitDefender Internet Security XSS Feb 26 2009 04:12PM
jplopezy gmail com


Application: BitDefender Internet Security 2009

OS: Windows XP (all patches up to date)

------------------------------------------------------

1 - Description

2 - Vulnerability

3 - POC/EXPLOIT

------------------------------------------------------

Description

BitDefender Internet Security is security software that includes multiple protections (for example anti-spam, anti-spyware, etc.).

------------------------------------------------------

Vulnerability

The vulnerability arises because, when you scan a file, the antivirus uses a Flash component to display the file name.

Because of this, you can make a malformed RAR or ZIP archive that contains a script, and when the AV scans the file, it runs the script.

------------------------------------------------------

POC/EXPLOIT

The PoC is the video, because making the PoC requires a virus file.

The XSS is this:

<h1 id="header" onmousemove="alert(1)" test </h1>

http://video.google.com/videoplay?docid=-8346357281340486654

------------------------------------------------------

Juan Pablo Lopez Yacubian
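
The following is an added example, not part of the original advisory and not BitDefender code. It shows how a scanner front end can flag archive member names that carry markup and escape them before display. It assumes the scan window is an HTML-capable text field, as the advisory implies; all function names are hypothetical and the archive is a constructed sample.

```python
import html
import io
import re
import zipfile

# Characters that open or delimit markup in an HTML-capable text field.
MARKUP = re.compile(r"[<>\"'&]")

# The markup string quoted in the advisory, used here as a member name.
ADVISORY_NAME = '<h1 id="header" onmousemove="alert(1)" test </h1>'


def build_sample_archive() -> bytes:
    """Constructed sample: a ZIP with one marked-up name and one ordinary name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(ADVISORY_NAME, b"constructed sample data")
        zf.writestr("report.txt", b"constructed sample data")
    return buf.getvalue()


def names_with_markup(archive: bytes) -> list[str]:
    """Triage helper: return member names containing markup metacharacters."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return [name for name in zf.namelist() if MARKUP.search(name)]


def render_row_unsafe(name: str) -> str:
    """The flaw described above: the name reaches the renderer unchanged."""
    return "<p>Scanning: " + name + "</p>"


def render_row_safe(name: str) -> str:
    """Mitigation: treat the name as data and escape it before rendering."""
    return "<p>Scanning: " + html.escape(name, quote=True) + "</p>"


if __name__ == "__main__":
    for member in names_with_markup(build_sample_archive()):
        print("flagged :", member)
        print("unsafe  :", render_row_unsafe(member))
        print("escaped :", render_row_safe(member))
```

The same escaping applies to any attacker-influenced string shown in the scan window, such as paths inside nested archives or detection names taken from file metadata.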
