Full Disclosure mailing list archives
Re: BitDefender Scan Online(ActiveX) - Remote File Download & Execute & Private Information Disclosure
From: Ovidiu Constantin <oconstantin () bitdefender com>
Date: Tue, 20 Apr 2004 12:39:38 +0300
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Application: BitDefender Scan Online(ActiveX) Vendors: http://www.bitdefender.com/scan/Msie/index.php Platforms: Windows Bug: Remote File Download & Execute & Private Information Disclosure Risk: High - Running Arbitary Code Exploitation: Remote with browser Date: 19 Apr 2004 Author: Rafel Ivgi, The-Insider e-mail: the_insider () mail com web: http://theinsider.deep-ice.com
The problem was solved yesterday, the ActiveX control was updated. In order to apply the update, a user has to access the scan online webpage (on bitdefender.com or partner sites) and allow the update. Btw... it would have been really nice not to expose users to this vulnerability and let us know prior to making it public. - -- Ovidiu Constantin BitDefender Internal Testing Engineer - ------------------------------------- SOFTWIN Data Security Division - ------------------------------------- e-mail: oconstantin () bitdefender com phone: +(4021) 233 18 52; 233 07 80 fax: (+4021) 233.07.63 Bucharest, ROMANIA http://www.bitdefender.com http://www.softwin.ro - ------------------------------------- secure your every bit - ------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAhO/aa3h8kFS2shsRAsgqAKCFtT2ajCfqKdOmkW0fxdCm06IVmwCbBdW1 aMYxACETH6r0865qs/UzppM= =510O -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- BitDefender Scan Online(ActiveX) - Remote File Download & Execute & Private Information Disclosure Rafel Ivgi, The-Insider (Apr 19)
- Re: BitDefender Scan Online(ActiveX) - Remote File Download & Execute & Private Information Disclosure Ovidiu Constantin (Apr 20)