Signature Detail

HTTP: BitDefender Antivirus PDF Processing Memory Corruption

There exists a memory corruption vulnerability in multiple BitDefender products. The vulnerability is due to boundary errors within the BitDefender PDF Scanner plugin pdf.xmd. A remote attacker can exploit this vulnerability by delivering a crafted PDF file to the vulnerable system, potentially causing arbitrary code to be injected and executed in the security context of the current user. In case of a successful code injection and execution attack, the behaviour of the target host is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the currently logged in user. If the code injection and execution fails, a denial of service might occur due to termination of the anti-virus process, or resource exhaustion when the attack results in an infinite loop in the code. Both cases might allow for further exploitation of the target system, exposing the system to other threats in absence of the Antivirus daemon.

Extended Description

BitDefender is prone to a remote denial-of-service vulnerability that occurs when a malicious PDF file is scanned using BitDefender's command-line scanner 'bdc.exe'. Attackers can exploit this issue to deny service to legitimate users. UPDATE (November 25, 2008): Further reports indicate that the vulnerable module 'pdf.xmd' is used in other applications, rendering them vulnerable as well.

Affected Products

• 602 Software Groupware Server 6.0.08.1118
• BitDefender AntiVirus 2009
• BitDefender AntiVirus
• BitDefender Free Edition
• BitDefender Internet Security
• BullGuard BullGuard Internet Security 8.5

References

• BugTraq: 32396