BitDefender AvxScanOnlineCtrl COM Object Information Disclosure Vulnerability

vendor:

BitDefender

by:

SecurityFocus

4.3

CVSS

MEDIUM

Information Disclosure

200

CWE

Product Name: BitDefender

Affected Version From: 3.0.0.1

Affected Version To: 3.0.0.1

Patch Exists: NO

Related CWE: N/A

CPE: a:bitdefender:bitdefender:3.0.0.1

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: None

2002

BitDefender AvxScanOnlineCtrl COM Object Information Disclosure Vulnerability

The BitDefender AvxScanOnlineCtrl COM object is affected by an information disclosure vulnerability. This issue is due to a design error that allows a remote user to execute a method in the offending object that provides access to unauthorized information. This issue would allow an attacker to gain access system information that may be used to aid in further attacks.

Mitigation:

Ensure that the BitDefender AvxScanOnlineCtrl COM object is not exposed to untrusted users.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10175/info

Reportedly the BitDefender AvxScanOnlineCtrl COM object is affected by an information disclosure vulnerability. This issue is due to a design error that allows a remote user to execute a method in the offending object that provides access to unauthorized information.

This issue would allow an attacker to gain access system information that may be used to aid in further attacks.

<OBJECT id=seemycomputer
codeBase=http://www.bitdefender.com/scan/Msie/bitdefender.cab#version=3,0,0,
1
hspace=0 vspace=0 align="top"
classid=CLSID:80DD2229-B8E4-4C77-B72F-F22972D723EA
width=405 height=180>
<PARAM NAME="_ExtentX" VALUE="6614">
<PARAM NAME="_ExtentY" VALUE="4498">
<PARAM NAME="_StockProps" VALUE="9">
<PARAM NAME="ForeColor" VALUE="0">
<PARAM NAME="BackColor" VALUE="16777215"></OBJECT>