CVE-2007-6189 - CVE Reference - Advisories

CVE Reference: CVE-2007-6189

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-6189

Description: A certain ActiveX control in (1) OScan8.ocx and (2) Oscan81.ocx in BitDefender Online Anti-Virus Scanner 8.0 allows remote attackers to execute arbitrary code via a long argument to the InitX method that begins with a "%%" sequence, which is misinterpreted as a Unicode string and decoded twice, leading to improper memory allocation and a heap-based buffer overflow.

CVE Status: Candidate

References: ST 1018986 SREASON http://securityreason.com/securityalert/3405 SAID Secunia Advisory: SA27717 MISC http://research.eeye.com/html/advisories/published/AD20071120.html MILW0RM http://www.milw0rm.com/exploits/4663 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/483986/100/100/threaded

Return to the previous page.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	Joomla Community Builder Component File Inclusion

2.	OpenOffice "rtl_allocateMe mory()" Truncation Vulnerability

3.	dotProject SQL Injection and Cross-Site Scripting

4.	Novell eDirectory Multiple Vulnerabilities

5.	Slackware update for amarok

6.	HP TCP/IP Services for OpenVMS Finger Format String Vulnerability

7.	Caudium "configvar" Insecure Temporary Files

8.	phpMyRealty "price_max" SQL Injection Vulnerability

9.	GpsDrive "geo-code" Insecure Temporary Files

10.	Adium MSN SLP Message Integer Overflow Vulnerabilities