BitDefender online anti-virus scanner creates security vulnerability
Anti-virus vendor BitDefender offers an online virus scanner, which installs ActiveX components onto the computer being scanned. A security vulnerability in one of these controls can be exploited by an attacker using crafted web pages to inject arbitrary code onto the computer.
The InitX function in the OScan.ocx ActiveX control accepts strings from web pages which it uses to identify the website from which the function is called – this is actually intended to ensure that the online virus scanner can only be called from BitDefender's website. However, placing two percent signs in front of the string causes OScan.ocx to double decode the string and thereby to overwrite arbitrary memory areas used by Internet Explorer or ActiveX control processes. According to a security advisory from eEye, this results in a heap-based buffer overflow.
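The defensive lesson in the paragraph above is that a percent-encoded value must be decoded exactly once, with strict rejection of malformed sequences, and that any check such as an origin comparison must run on the fully decoded value and reject anything that would change if decoded again. The following C code is an added illustration of that pattern; it is not BitDefender's or eEye's code and does not reproduce the OScan.ocx control. The function names, the fixed-size buffer and the `ALLOWED_HOST` placeholder are assumptions made for the example (the hostname the real control checked is not stated on the page).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Value of one hex digit, or -1 if the byte is not a hex digit. */
static int hexval(unsigned char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/*
 * Percent-decode `in` exactly once into `out` (capacity out_cap, NUL-terminated).
 * Returns the decoded length, or -1 if the input is malformed (a '%' that is not
 * followed by two hex digits, which covers "%%" and a trailing '%') or if the
 * result would not fit. Decoding never produces more bytes than it consumes, so
 * a caller that sizes `out` from strlen(in) + 1 cannot overflow it.
 */
int percent_decode_once(const char *in, char *out, size_t out_cap) {
    size_t n = 0;
    const unsigned char *p = (const unsigned char *)in;
    while (*p) {
        unsigned char c;
        if (*p == '%') {
            int hi = hexval(p[1]);
            int lo = (hi < 0) ? -1 : hexval(p[2]);   /* never read past the terminator */
            if (hi < 0 || lo < 0) return -1;         /* reject rather than reinterpret */
            c = (unsigned char)(hi * 16 + lo);
            p += 3;
        } else {
            c = *p++;
        }
        if (n + 1 >= out_cap) return -1;             /* keep room for the NUL */
        out[n++] = (char)c;
    }
    out[n] = '\0';
    return (int)n;
}

/* Hypothetical allowed caller host; the page does not give the real one. */
#define ALLOWED_HOST "example.invalid"

/*
 * Origin check done on the decoded value. A decoded host that still contains '%'
 * is rejected: it is not a valid hostname and would change if some later stage
 * decoded it a second time, which is exactly the check-then-redecode gap.
 */
int origin_allowed(const char *raw) {
    char host[256];
    if (percent_decode_once(raw, host, sizeof host) < 0) return 0;
    if (strchr(host, '%') != NULL) return 0;
    return strcmp(host, ALLOWED_HOST) == 0;
}

int main(void) {
    /* Constructed sample inputs. */
    const char *samples[] = { "example.invalid", "example%2Einvalid",
                              "example%252Einvalid", "%%41" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-22s -> %s\n", samples[i], origin_allowed(samples[i]) ? "allowed" : "rejected");
    return 0;
}
```

The two properties worth carrying into any such control are visible in the tests: `"%2541"` decodes to the literal `"%41"` and stops there, and `"%%41"` is an error rather than something to be decoded twice.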
BitDefender has released an updated ActiveX control in which this bug is fixed. On visiting the website, BitDefender now installs an ActiveX control called Oscan82.ocx. According to eEye, the old OScan.ocx control remains on the user's hard drive, but can no longer be loaded by web pages. Users who have previously made use of BitDefender's online anti-virus scanner should either pay a visit to the BitDefender website ASAP in order to install the update or should deactivate ActiveX support in Internet Explorer for the internet zone.
- BitDefender Online Scanner 8 Double Decode Heap Overflow, security advisory from eEye
- BitDefender Online Scanner with updated ActiveX control