Format string vulnerability in the logging functionality in BitDefender AntiVirus 7.2 through 9 allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in file or directory name.
Weakness
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Bitdefender | Softwin | 7.2 (including) | 7.2 (including) |
| Bitdefender | Softwin | 8.0 (including) | 8.0 (including) |
| Bitdefender | Softwin | 9.0 (including) | 9.0 (including) |
Potential Mitigations
Related Attack Patterns
References
- http://kb.bitdefender.com/KB261-en--Filename-Format-String-Vulnerability.html
- http://secunia.com/advisories/16991
- http://securityreason.com/securityalert/45
- http://shadock.net/secubox/BitDefenderLoggingFunc.html
- http://www.securityfocus.com/bid/14968
- http://kb.bitdefender.com/KB261-en--Filename-Format-String-Vulnerability.html
- http://secunia.com/advisories/16991
- http://securityreason.com/securityalert/45
- http://shadock.net/secubox/BitDefenderLoggingFunc.html
- http://www.securityfocus.com/bid/14968