SecurityReason.com - Our Reason is

Security

Register | Forget Password | Login
SecurityReason
WLB
Services
RSS
Corporate
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com

Home arrow SecurityAlert Database

Arrow  Topic :

BitDefender Antivirus Filename Handling Format String Vulnerability


Arrow  SecurityAlert : 45
Arrow  CVE : CVE-2005-3154
Arrow  SecurityRisk : High  Security Risk High  (About)
Arrow  Remote Exploit : Yes
Arrow  Local Exploit : Yes
Arrow  Exploit Available : No
Arrow  Credit : fRoGGz
Arrow  Published : 04.10.2005

Arrow  Affected Software : BitDefender Internet Security 9
BitDefender Professional Plus 9
BitDefender Standard 9
BitDefender Antivirus Professional Plus 8.x
BitDefender Antivirus Standard 8.x
BitDefender Professional Edition 7.x
BitDefender Standard Edition 7.x



Arrow  Advisory Content :  

ISSUE:
The vulnerability is caused due to a format string error when generating
the scan report file. This can potentially be exploited to execute
arbitrary code when a file or directory containing format string specifiers
in its name (e.g. %.8X%.8X) is scanned.

SOLUTION:
BitDefender was notified on September 16, 2005 by the SecuBox team on the
existence of a format string vulnerability in BitDefender products.

Fixes for BitDefender v7.x, BitDefender v8.x and BitDefender 9 Internet
Security were released September 26, 2005.
Fixes for BitDefender 9 Professional Plus and BitDefender 9 Standard were
released October 4, 2005.

Installed BitDefender solutions were updated automatically through the
regular update function.

Source :
http://kb.bitdefender.com/KB261-en--Filename-Format-String-Vulnerability.ht
ml





Arrow  Feedback :

If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Alert

libc/fnmatch(3) DoS

Security Risk Medium- 2011-05-13

Allow attacker to denial of service apache 2.2.17 server

Apache RSS Apache Alert

» Apache HTTP Server Denial
   of Service Vulnerability

» Multiple Vendors
   libc/fnmatch(3) DoS (incl
   apache poc)

» Apache Continuum
   cross-site scripting
   vulnerability

» Apache Tomcat DoS
   Vulnerability

PHP RSS PHP Alert

» PHP Hashtables Denial of
   Service

» PHP 5.3.6 multiple null
   pointer dereference

» PHP 5.3.6 ZipArchive
   invalid use glob(3)

» libzip 0.9.3
   _zip_name_locate NULL
   Pointer Dereference (incl
   PHP 5.3.5)

ADT

Protect your family and valuables with Home Security Systems

Copyright © SecurityReason.com. All Rights Reserved.