lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: 26 Feb 2009 16:12:49 -0000
From: jplopezy@...il.com
To: bugtraq@...urityfocus.com
Subject: BitDefender Internet Security XSS


Application: BitDefender Internet Security 2009
 OS: Windows Xp (All patches a day)
------------------------------------------------------
1 - Description
2 - Vulnerability
3 - POC/EXPLOIT
------------------------------------------------------
Description

BitDefender Internet Security is a security software
that includes multiples protections, for example (anti spam, anti spyware,etc).

------------------------------------------------------
Vulnerability

The vulnerability is caused because when you scans a file, 
the antivirus used a flash for display the name of file,
with this you can make a malformed rar or zip that containing a script.
and when the av scans the file, run the script.

------------------------------------------------------
POC/EXPLOIT

The poc is the video because for make the poc you need a virus file.

the xss is this

<h1 id="header" onmousemove="alert(1)" test </h1>

http://video.google.com/videoplay?docid=-8346357281340486654

------------------------------------------------------
Juan Pablo Lopez Yacubian

Powered by blists - more mailing lists