Vulnerability CVE-2004-1947


Published: 2004-04-19   Modified: 2012-02-12

Description:
The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender Scan Online allows remote attackers to (1) obtain sensitive information such as system drives and contents or (2) use the RequestFile method to download and execute arbitrary code via an object codebase that uses bitdefender.cab.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Softwin -> Bitdefender 

 References:
http://xforce.iss.net/xforce/xfdb/15911
http://www.securityfocus.com/bid/10175
http://secunia.com/advisories/11427
http://marc.theaimsgroup.com/?l=bugtraq&m=108248367901616&w=2
http://marc.theaimsgroup.com/?l=bugtraq&m=108240639427412&w=2
http://www.securityfocus.com/bid/10174
http://www.osvdb.org/5549
http://securitytracker.com/id?1009862

Copyright 2024, cxsecurity.com

 

Back to Top