BitDefender Internet Security 9
BitDefender Professional Plus 9
BitDefender Standard 9
BitDefender Antivirus Professional Plus 8.x
BitDefender Antivirus Standard 8.x
BitDefender Professional Edition 7.x
BitDefender Standard Edition 7.x
Advisory Text :
ISSUE:
The vulnerability is caused due to a format string error when generating
the scan report file. This can potentially be exploited to execute
arbitrary code when a file or directory containing format string specifiers
in its name (e.g. %.8X%.8X) is scanned.
SOLUTION:
BitDefender was notified on September 16, 2005 by the SecuBox team on the
existence of a format string vulnerability in BitDefender products.
Fixes for BitDefender v7.x, BitDefender v8.x and BitDefender 9 Internet
Security were released September 26, 2005.
Fixes for BitDefender 9 Professional Plus and BitDefender 9 Standard were
released October 4, 2005.
Installed BitDefender solutions were updated automatically through the
regular update function.
Source :
http://kb.bitdefender.com/KB261-en--Filename-Format-String-Vulnerability.ht
ml
Feedback :
If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Microsoft Device IO Control wrapped by the iphlpapi.dll API shipping with Windows Vista 32 bit and 64 bit contains a possibly exploitable, buffer overflow corrupting kernel memory.