Message-ID: <200404201239.38935.oconstantin@bitdefender.com>
From: oconstantin at bitdefender.com (Ovidiu Constantin)
Subject: BitDefender Scan Online(ActiveX) - Remote File Download & Execute & Private Information Disclosure

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Application:  BitDefender Scan Online(ActiveX)
> Vendors:        http://www.bitdefender.com/scan/Msie/index.php
> Platforms:      Windows
> Bug:                Remote File Download & Execute & Private Information
> Disclosure
> Risk:                High - Running Arbitrary Code
> Exploitation:   Remote with browser
> Date:               19 Apr 2004
> Author:           Rafel Ivgi, The-Insider
> e-mail:             the_insider@...l.com
> web:                http://theinsider.deep-ice.com

The problem was solved yesterday, the ActiveX control was updated. In order to 
apply the update, a user has to access the scan online webpage (on 
bitdefender.com or partner sites) and allow the update.

Btw... it would have been really nice not to expose users to this 
vulnerability and let us know prior to making it public.

- -- 
Ovidiu Constantin
BitDefender Internal Testing Engineer
- -------------------------------------
SOFTWIN
Data Security Division
- -------------------------------------
e-mail: oconstantin@...defender.com
phone: +(4021) 233 18 52; 233 07 80
fax: (+4021) 233.07.63
Bucharest, ROMANIA
http://www.bitdefender.com
http://www.softwin.ro
- -------------------------------------
secure your every bit
- -------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAhO/aa3h8kFS2shsRAsgqAKCFtT2ajCfqKdOmkW0fxdCm06IVmwCbBdW1
aMYxACETH6r0865qs/UzppM=
=510O
-----END PGP SIGNATURE-----

