Short Name | SMTP:EXPLOIT:BITDEF-LOG |
---|---|
Severity | High |
Recommended | No |
Recommended Action | Drop |
Category | SMTP |
Keywords | BitDefender Antivirus Logging Function Format String Vulnerability |
Release Date | 2011/07/05 |
Update Number | 1949 |
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
A format string vulnerability exists in the BitDefender Antivirus product. The flaw is caused by improper validation of file names when printing logging information. By delivering files with crafted names to a vulnerable target, a remote attacker may leverage this vulnerability to bypass detection for further attacks or to execute arbitrary code. An unsuccessful attack will cause the current scanning process to terminate unexpectedly; the functionality of the Anti-Virus product as a whole will not be affected. The AV application will not produce any log entries as a result of its unexpected termination. The attacker may use this issue to bypass the scanning of a known virus file when the "Scan accessed files" option in the AV application settings is disabled. A successful attack aiming at code injection and execution will divert the process flow of the vulnerable application, resulting in arbitrary code execution. The behaviour of the target system after such an attack depends on the intention of the injected code.
BitDefender Antivirus is a proprietary antivirus product for multiple platforms. A format string vulnerability affects the logging functionality of BitDefender Antivirus. The issue is due to the application's failure to properly sanitize user-supplied input before passing it as the format specifier to a formatted printing function. A remote attacker may leverage this issue to write to arbitrary process memory, facilitating code execution and privilege escalation. This issue was reported in BitDefender versions 7.2, 8, and 9 for Windows. Other versions and platforms may also be affected.
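The defect class described above, seen from the defender's side, as an added example (it is not BitDefender's code and not the logic of this signature): a screen that counts printf-style directives in an untrusted attachment name, next to a logger that passes the name only as an argument to a constant format. The function names and the sample file names are hypothetical, and the parser follows standard C directive syntax only, not Windows-specific length modifiers.

```c
#include <stdio.h>
#include <string.h>

/* Count printf-style directives in an untrusted file name (standard C syntax:
   flags, width, precision, length, conversion). "%%" is a literal percent and
   is not counted. *has_n is set when a memory-writing %n is present. */
int count_format_directives(const char *name, int *has_n)
{
    int count = 0;
    *has_n = 0;
    for (const char *p = name; *p; p++) {
        if (*p != '%') continue;
        p++;
        if (*p == '%') continue;                          /* escaped percent */
        while (*p && strchr("-+ #0", *p)) p++;            /* flags */
        while (*p && strchr("0123456789*", *p)) p++;      /* width */
        if (*p == '.') {                                  /* precision */
            p++;
            while (*p && strchr("0123456789*", *p)) p++;
        }
        while (*p && strchr("hljztL", *p)) p++;           /* length modifier */
        if (!*p) break;                                   /* name ended mid-directive */
        if (strchr("diouxXeEfFgGaAcspn", *p)) {
            count++;
            if (*p == 'n') *has_n = 1;
        } else {
            p--;                       /* not a directive: re-examine this char */
        }
    }
    return count;
}

/* Hardened logging: the name is only ever an argument to a constant format.
   The defect class the page describes is the name used as the format itself,
   i.e. snprintf(out, outlen, name). */
int log_scanned_file(char *out, size_t outlen, const char *name)
{
    return snprintf(out, outlen, "scanned: %s", name);
}

int main(void)
{
    /* Constructed sample attachment names, not taken from real traffic. */
    const char *names[] = { "invoice.pdf", "report_100%%.txt", "scan%s%s.txt", "log%08x%n.txt" };
    char line[128];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        int has_n, d = count_format_directives(names[i], &has_n);
        log_scanned_file(line, sizeof line, names[i]);
        printf("%-28s directives=%d %%n=%d\n", line, d, has_n);
    }
    return 0;
}
```

A nonzero directive count on an attachment name is a triage signal only; the constant-format logger is what removes the flaw.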