[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2007-6189

Date: (C)2007-11-29   (M)2017-10-04
 
CVSS Score: 9.3Access Vector: NETWORK
Exploitability Subscore: 8.6Access Complexity: MEDIUM
Impact Subscore: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE











A certain ActiveX control in (1) OScan8.ocx and (2) Oscan81.ocx in BitDefender Online Anti-Virus Scanner 8.0 allows remote attackers to execute arbitrary code via a long argument to the InitX method that begins with a "%%" sequence, which is misinterpreted as a Unicode string and decoded twice, leading to improper memory allocation and a heap-based buffer overflow.

Reference:
SECTRACK-1018986
http://www.securityfocus.com/archive/1/archive/1/483986/100/100/threaded
SECUNIA-27717
SREASON-3405
EXPLOIT-DB-4663
ADV-2007-3935
http://research.eeye.com/html/advisories/published/AD20071120.html

CWE    1
CWE-119

© 2013 SecPod Technologies