Vulnerabilities > CVE-2007-0391 - Local Format String vulnerability in Bitdefender Client Professionalplus8.02
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Format string vulnerability in the log creation functionality of BitDefender Client Professional Plus 8.02 allows attackers to execute arbitrary code via certain scan job settings.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | Windows |
NASL id | BITDEFENDER_FORMAT_STRING.NASL |
description | The version of BitDefender installed on the remote host fails to sanitize scan job settings of format strings. By leveraging this flaw, a local attacker may be able to crash the antivirus application or possibly even gain complete control of the affected system. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24233 |
published | 2007-01-22 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24233 |
title | BitDefender Client Log Creation Functionality Format String |
code |
|
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051883.html
- http://www.bitdefender.com/KB325-en--Format-string-vulnerability.html
- http://www.securityfocus.com/archive/1/457414/100/0/threaded
- http://www.securityfocus.com/bid/22128
- http://www.vupen.com/english/advisories/2007/0253
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31608