vendor: AvxScanOnlineCtrl
CVSS: 7.5 (HIGH)
CWE: File Upload and Execution
Product Name: AvxScanOnlineCtrl

BitDefender AvxScanOnlineCtrl COM Object File Upload and Execution Vulnerability

The BitDefender AvxScanOnlineCtrl COM object is affected by a file upload and execution vulnerability. A remote user can specify a file to be uploaded and executed on a system running the affected software. This can result in unauthorized access to the system.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10174/info

Reportedly the BitDefender AvxScanOnlineCtrl COM object is affected by a file upload and execution vulnerability. This issue is due to a design error that allows a remote user to specify a file to be uploaded and executed on a system running the affected software.

This issue may be leveraged by a remote attacker to upload and execute arbitrary files on an affected system, most likely resulting in unauthorized access. Other attacks are also possible.

<HTML>
<OBJECT id=seemycomputer codeBase=http://www.bitdefender.com/scan/Msie/bitdefender.cab#version=3,0,0,1 hspace=0 vspace=0 align="top" classid=CLSID:80DD2229-B8E4-4C77-B72F-F22972D723EA width=405 height=180>
<PARAM NAME="_ExtentX" VALUE="6614">
<PARAM NAME="_ExtentY" VALUE="4498">
<PARAM NAME="_StockProps" VALUE="9">
<PARAM NAME="ForeColor" VALUE="0">
<PARAM NAME="BackColor" VALUE="16777215"></OBJECT>
</HTML>
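
A defender-side check, added here as an example (not part of the original advisory or the Exploit-DB entry): it scans HTML, such as pages captured by a web proxy or mail gateway, for OBJECT tags that instantiate the CLSID shown above. The function names and the sample inputs are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# CLSID of AvxScanOnlineCtrl, copied from the OBJECT tag on this page.
TARGET_CLSID = "80DD2229-B8E4-4C77-B72F-F22972D723EA"

def normalize_classid(value):
    """Reduce a classid attribute to a bare upper-case GUID, or None."""
    if not value:
        return None
    # Tolerate case differences, stray whitespace and optional braces.
    m = re.match(r"\s*clsid:\s*\{?([0-9a-f-]{36})\}?\s*$", value, re.I)
    return m.group(1).upper() if m else None

class ObjectTagFinder(HTMLParser):
    """Collect OBJECT tags whose classid is TARGET_CLSID."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "object":          # tag names arrive lower-cased
            return
        a = dict(attrs)              # attribute names arrive lower-cased
        if normalize_classid(a.get("classid")) == TARGET_CLSID:
            line, _ = self.getpos()
            self.hits.append({"line": line, "id": a.get("id"),
                              "codebase": a.get("codebase")})

def find_control(html_text):
    """Return one dict per OBJECT tag that loads the affected control."""
    finder = ObjectTagFinder()
    finder.feed(html_text)
    finder.close()
    return finder.hits

# Constructed sample inputs (the first mirrors the attribute style above).
SAMPLES = {
    "page_form": "<OBJECT id=seemycomputer codeBase=http://www.bitdefender.com/"
                 "scan/Msie/bitdefender.cab#version=3,0,0,1 "
                 "classid=CLSID:80DD2229-B8E4-4C77-B72F-F22972D723EA></OBJECT>",
    "quoted_lower": "<html>\n<object classid=\"clsid:{80dd2229-b8e4-4c77-b72f-"
                    "f22972d723ea}\" codebase=\"http://cdn.example.invalid/x.cab\">"
                    "</object></html>",
    "other_control": "<object classid=\"clsid:00000000-0000-0000-0000-"
                     "000000000000\"></object>",
}

if __name__ == "__main__":
    for name, html in SAMPLES.items():
        print(name, find_control(html))
```

The scan only covers OBJECT tags; a page that creates the control from script would need a separate check.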