CVE-2007-5775 - Buffer Overflow vulnerability in BitDefender Online Scanner OScan.OCX ActiveX Control Heap
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. NOTE: as of 20071029, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 3 |
Exploit-Db
description | BitDefender Online Scanner 8 ActiveX Heap Overflow Exploit. CVE-2007-5775,CVE-2007-6189. Remote exploit for windows platform |
file | exploits/windows/remote/4663.html |
id | EDB-ID:4663 |
last seen | 2016-01-31 |
modified | 2007-11-27 |
platform | windows |
port | |
published | 2007-11-27 |
reporter | Nphinity |
source | https://www.exploit-db.com/download/4663/ |
title | BitDefender Online Scanner 8 - ActiveX Heap Overflow Exploit |
type | remote |
Nessus
NASL family | Windows |
NASL id | BITDEFENDER_OSCAN8_ACTIVEX_DOUBLE_DECODE_OVERFLOW.NASL |
description | The remote host contains the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 28332 |
published | 2007-11-27 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/28332 |
title | BitDefender Online Anti-Virus Scanner ActiveX OScan8.ocx / OScan8.ocx InitX Method Arbitrary Code Execution |
Seebug
bulletinFamily | exploit |
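description | BUGTRAQ ID: 26210 CVE(CAN) ID: CVE-2007-5775 BitDefender Online Scanner is a free online antivirus tool. The OScan.ocx control bundled with BitDefender Online Scanner contains a remote code execution vulnerability that a remote attacker could exploit to execute arbitrary commands on the user's system. The vulnerable function in OScan.ocx is InitX, which takes the string parameter bstrLocation and uses it to validate the calling domain. The IDL for InitX resembles the following: Function InitX { ByVal bstrLocation as String } As Boolean This function protects the ActiveX control from being initialized outside of authorized domains. Users can submit a request to upload this control to their site and then obtain an initialization key. The user's domain is handled through a hexadecimal key such as the following: AvxUI.InitX('000000408E45E3394593BF66F0C93C6CF90AF0F0 AB417E17657D7F328A2312ACBE0B139EF3EBFB69 939B1C3B24D8BC392D752B8408EAACCD809B94D3 8B8F9B5E97B1C1A6') Only after this domain key has been processed and validated is the control initialized and able to accept user commands to begin scanning files. However, a double-decoding flaw exists in the handling of Unicode values in the domain key passed to the vulnerable function. Appending two % (0x25) characters to the domain key value triggers the flaw, causing OScan.ocx to double-decode the Unicode parameter and allocate arbitrary memory. Combined with an overly long string, this can lead to heap memory corruption. The heap overflow allows memory in Internet Explorer or the hosting ActiveX process to be overwritten with data from an arbitrary malformed user-supplied string. Although the attacker cannot control where the overwrite occurs, the flaw may still overwrite pointers that Internet Explorer or the hosting ActiveX process calls later, so arbitrary commands may be executed. Softwin BitDefender Online Scanner 8. The vendor has released an update that fixes this security issue; download it from the vendor's home page: http://www.bitdefender.com/scan8/ie.html |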
id | SSV:2485 |
last seen | 2017-11-19 |
modified | 2007-11-22 |
published | 2007-11-22 |
reporter | Root |
title | BitDefender Online Scanner OScan.OCX ActiveX Control Heap Overflow Vulnerability |