BugTraq
BitDefender Scan Online(ActiveX) - Remote File Download & Execute & Private Information Disclosure Apr 19 2004 07:55AM
Rafel Ivgi, The-Insider (theinsider 012 net il) (1 replies)
Re: BitDefender Scan Online(ActiveX) - Remote File Download & Execute & Private Information Disclosure Apr 20 2004 01:22PM
Sami POTIRCA (spotirca bitdefender com)
On Mon, 2004-04-19 at 10:55, Rafel Ivgi, The-Insider wrote:
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Application: BitDefender Scan Online(ActiveX)
> Vendors: http://www.bitdefender.com/scan/Msie/index.php
> Platforms: Windows
> Bug: Remote File Download & Execute & Private Information
> Disclosure
> Risk: High - Running Arbitrary Code
> Exploitation: Remote with browser
> Date: 19 Apr 2004
> Author: Rafel Ivgi, The-Insider
> e-mail: the_insider (at) mail (dot) com
> web: http://theinsider.deep-ice.com
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The problem was solved yesterday, the ActiveX control was updated. In
order to apply the update, a user has to access the scan online webpage
(on bitdefender.com or partner sites) and allow the update.

Btw... it would have been really nice not to expose users to this
vulnerability and let us know prior to making it public.

--
Sami POTIRCA
BitDefender Linux Project Manager
-------------------------------------
SOFTWIN
Data Security Division
-------------------------------------
e-mail: oconstantin (at) bitdefender (dot) com
phone: +(4021) 233 18 52; 233 07 80
fax: (+4021) 233.07.63
Bucharest, ROMANIA
http://www.bitdefender.com
http://www.softwin.ro
-------------------------------------
secure your every bit
-------------------------------------
