TITLE:
BitDefender Anti-Virus Filename Format String Vulnerability

SECUNIA ADVISORY ID:
SA16991

VERIFY ADVISORY:
http://secunia.com/advisories/16991/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
BitDefender Standard Edition 7.x
http://secunia.com/product/2106/
BitDefender Standard 9.x
http://secunia.com/product/5799/
BitDefender Antivirus Professional Plus 8.x
http://secunia.com/product/4987/
BitDefender Antivirus Standard 8.x
http://secunia.com/product/4988/
BitDefender Professional Edition 7.x
http://secunia.com/product/2105/
BitDefender Professional Plus 9.x
http://secunia.com/product/5798/

DESCRIPTION:
fRoGGz has discovered a vulnerability in BitDefender Anti-Virus, which can potentially be exploited by malicious people to compromise a user's system.

The vulnerability is caused by a format string error when generating the scan report file. This can potentially be exploited to execute arbitrary code when a file or directory containing format string specifiers in its name (e.g. %.8X%.8X) is scanned.

Successful exploitation requires that the "Create report file" option is enabled.

The vulnerability has been confirmed in version 9.0, and has also been reported in versions 7.2 and 8. Other versions may also be affected.

SOLUTION:
Disable the "Create report file" option.

Do not scan files or directories with format string specifiers in their names.

PROVIDED AND/OR DISCOVERED BY:
fRoGGz

ORIGINAL ADVISORY:
http://shadock.net/secubox/BitDefenderLoggingFunc.html

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches; only use those supplied by the vendor.

----------------------------------------------------------------------
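The DESCRIPTION section attributes the flaw to the report writer treating a scanned file's name as a format string. The C program below is an added example, not BitDefender's code and not part of the Secunia advisory: it shows the fixed-format logging pattern that removes the defect (the name is always passed as a `%s` argument, never as the format), plus a small defender-side check that flags names containing conversion specifiers so an operator can see which entries a vulnerable logger would have misinterpreted. All function names and the sample file names are constructed for this example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Defender-side check: does a string contain a printf-style conversion
 * specifier, i.e. a '%' not immediately followed by another '%'?
 * A report writer that used the file name itself as its format string
 * would misinterpret such names; a fixed-format writer does not.
 * Hypothetical helper, not part of BitDefender's code. */
bool contains_format_specifier(const char *s)
{
    for (const char *p = s; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {      /* "%%" is a literal percent sign */
            p++;
            continue;
        }
        return true;
    }
    return false;
}

/* Builds one report line into buf. The defect class the advisory describes
 * is the pattern `fprintf(report, line)` where `line` is derived from the
 * file name, so the name becomes the format string. The safe form always
 * uses a fixed format and passes the name as a '%s' argument, so a name
 * such as "%.8X%.8X" is written out literally. Returns the number of
 * characters the full line needs (snprintf semantics), or a negative value. */
int format_report_line(char *buf, size_t bufsz,
                       const char *filename, const char *verdict)
{
    return snprintf(buf, bufsz, "%s: %s\n", filename, verdict);
}

/* Writes the same fixed-format line to an open report file. */
int write_report_line(FILE *report, const char *filename, const char *verdict)
{
    return fprintf(report, "%s: %s\n", filename, verdict);
}

/* True if the formatted line for (filename, verdict) is exactly `expected`,
 * i.e. the file name survived report generation unchanged. */
bool report_line_equals(const char *filename, const char *verdict,
                        const char *expected)
{
    char buf[512];
    int n = format_report_line(buf, sizeof buf, filename, verdict);
    if (n < 0 || (size_t)n >= sizeof buf)
        return false;
    return strcmp(buf, expected) == 0;
}

int main(void)
{
    /* Constructed sample names; the first mirrors the advisory's example. */
    const char *names[] = { "%.8X%.8X.txt", "100%%.txt", "report.doc" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        printf("%-16s specifier=%-3s ", names[i],
               contains_format_specifier(names[i]) ? "yes" : "no");
        write_report_line(stdout, names[i], "clean");
    }
    return 0;
}
```

Compiling with `-Wformat -Wformat-security` makes the unsafe variant (`fprintf(report, name)`) a compiler warning, which is the cheapest check for this bug class in a code base that writes logs from user-controlled strings.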