Vulnerabilities > CVE-2004-1947 - Remote File Upload And Execution vulnerability in Softwin BitDefender AvxScanOnlineCtrl COM Object

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
softwin
exploit available

Summary

The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender Scan Online allows remote attackers to (1) obtain sensitive information such as system drives and contents or (2) use the RequestFile method to download and execute arbitrary code via an object codebase that uses bitdefender.cab.

Vulnerable Configurations

Part Description Count
Application
Softwin
1

Exploit-Db

  • descriptionSoftwin BitDefender AvxScanOnlineCtrl COM Object Information Disclosure Vulnerability. CVE-2004-1947. Remote exploit for windows platform
    idEDB-ID:24025
    last seen2016-02-02
    modified2004-04-19
    published2004-04-19
    reporterRafel Ivgi The-Insider
    sourcehttps://www.exploit-db.com/download/24025/
    titleSoftwin BitDefender AvxScanOnlineCtrl COM Object Information Disclosure Vulnerability
  • descriptionSoftwin BitDefender AvxScanOnlineCtrl COM Object Remote File Upload And Execution Vulnerability. CVE-2004-1947. Remote exploit for windows platform
    idEDB-ID:24024
    last seen2016-02-02
    modified2004-04-19
    published2004-04-19
    reporterRafel Ivgi The-Insider
    sourcehttps://www.exploit-db.com/download/24024/
    titleSoftwin BitDefender AvxScanOnlineCtrl COM Object Remote File Upload And Execution Vulnerability