MidnightBSD

Advisories for softwin

CVE-2004-1947 MEDIUM

The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender Scan Online allows remote attackers to (1) obtain sensitive information such as system drives and contents or (2) use the RequestFile method to download and execute arbitrary code via an object codebase that uses bitdefender.cab.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
softwin bitdefender *
CVE-2005-1286 LOW

Unquoted Windows search path vulnerability in BitDefender 8 allows local users to prevent BitDefender from starting by creating a malicious C:\program.exe, possibly due to the lack of quoting of the full pathname when executing a process.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
softwin bitdefender_antivirus professional_plus_8
softwin bitdefender_antivirus standard_8
CVE-2005-2298 MEDIUM

BitDefender Engine 1.6.1 and earlier does not properly scan all attachments, which allows remote attackers to bypass virus scanning via begin and end commands in the body of the e-mail, which BitDefender treats as a uuencoded attachment and stops scanning afterwards.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
softwin bitdefender_engine *
CVE-2005-3154 HIGH

Format string vulnerability in the logging functionality in BitDefender AntiVirus 7.2 through 9 allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in file or directory name.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-134,

Products Affected

Vendor Product Version
softwin bitdefender 8.0
softwin bitdefender 9.0
softwin bitdefender 7.2
CVE-2005-3211 MEDIUM

Multiple interpretation error in unspecified versions of BitDefender Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
softwin bitdefender_antivirus *
CVE-2012-1429 MEDIUM

The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, and nProtect Anti-Virus 2011-01-17.01 allows remote attackers to bypass malware detection via an ELF file with a ustar character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
f-secure f-secure_anti-virus 9.0.16160.0
ikarus ikarus_virus_utilities_t3_command_line_scanner 1.1.97.0
nprotect nprotect_antivirus 2011-01-17.01
mcafee gateway 2010.1c
mcafee scan_engine 5.400.0.1158
softwin bitdefender 7.2
aladdin esafe 7.0.17.0
comodo comodo_antivirus 7424
emsisoft anti-malware 5.1.0.1