[Declude.Virus] Bitdefender Vulnerability

Darrell \([EMAIL PROTECTED]) Mon, 10 Oct 2005 08:30:28 -0700

FYI - For those using Bitdefender -

05.40.20 CVE: Not Available
Platform: Cross Platform
Title: BitDefender Antivirus Logging Function Format String
Vulnerability
Description: BitDefender Antivirus is a proprietary antivirus product
for multiple platforms. It is vulnerable to a format string issue in
its logging functionality. This issue is due to a failure of the
application to properly sanitize user-supplied input prior to passing
it as the format specifier to a formatted printing function. A remote
attacker may leverage this issue to write to arbitrary process memory,
facilitating code execution and privilege escalation. BitDefender
versions 7.2, 8, and 9 for Windows are reported vulnerable. Other

versions and platforms may also be affected.Ref: http://www.securityfocus.com/bid/14968/info

____________________________________________________


------------------------------------------------------------------------

Check out http://www.invariantsystems.com for utilities for Declude AndImail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTGIntegration, and Log Parsers.


---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".    The archives can be found
at http://www.mail-archive.com.

[Declude.Virus] Bitdefender Vulnerability

Reply via email to