Intrusion Prevention

BitDefender.Online.ActiveX.Buffer.Overflow

Description

This indicates an attempt to exploit a buffer-overflow vulnerability in OScan8.ocx and Oscan81.ocx, which are included by default in BitDefender's Online Anti-Virus Scanner.
The vulnerability is caused by an error in how the vulnerable software handles a malicious "InitX" property. A remote attacker can exploit it to execute arbitrary code via a crafted web page.

Affected Products

BitDefender Online Anti-Virus Scanner 8.0 released on or prior to May 24th, 2006.

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the patch available from the web site:
http://www.bitdefender.com/scan8/ie.html

CVE References

CVE-2007-5775