CVE-2004-1947
CVSS5.0
发布时间 :2004-04-19 00:00:00
修订时间 :2016-10-17 23:03:34
NMCOE    

[原文]The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender Scan Online allows remote attackers to (1) obtain sensitive information such as system drives and contents or (2) use the RequestFile method to download and execute arbitrary code via an object codebase that uses bitdefender.cab.


[CNNVD]Softwin BitDefender AvxScanOnlineCtrl COM对象信息泄露漏洞(CNNVD-200404-070)

        
        BitDefender Scan Online是一款多功能的反病毒产品,包含基于WEB接口的在线扫描系统。
        BitDefender AvxScanOnlineCtrl COM对象存在设计错误,远程攻击者利用这个漏洞获得系统敏感信息如文件夹信息。
        "BitDefender Scan Online"下载和注册如下AvxScanOnlineCtrl COM对象:
        "AVXSCANONLINE.AvxScanOnlineCtrl.1"
        With the following CLSID:
        80DD2229-B8E4-4C77-B72F-F22972D723EA
        所有属性和函数可使用如下形式访问(HTML对象标记建立的对象):
        "        codeBase=http://www.bitdefender.com/scan/Msie/bitdefender.cab#version=3,0,0,
        1
        hspace=0 vspace=0 align="top"
        classid=CLSID:80DD2229-B8E4-4C77-B72F-F22972D723EA
        width=405 height=180>"
        利用这个问题可获取用户信息,允许远程用户查看所有驱动盘和文件夹信息。
        

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1947
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1947
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200404-070
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=108240639427412&w=2
(UNKNOWN)  BUGTRAQ  20040419 BitDefender Scan Online(ActiveX) - Remote File Download & Execute & Private Information Disclosure
http://marc.info/?l=bugtraq&m=108248367901616&w=2
(UNKNOWN)  BUGTRAQ  20040420 Re: BitDefender Scan Online(ActiveX) - Remote File Download & Execute & Private Information Disclosure
http://securitytracker.com/id?1009862
(UNKNOWN)  SECTRACK  1009862
http://www.securityfocus.com/bid/10174
(UNKNOWN)  BID  10174
http://www.securityfocus.com/bid/10175
(VENDOR_ADVISORY)  BID  10175
http://xforce.iss.net/xforce/xfdb/15911
(VENDOR_ADVISORY)  XF  bitdefender-avxscanonline-code-execution(15911)

- 漏洞信息

Softwin BitDefender AvxScanOnlineCtrl COM对象信息泄露漏洞
中危 设计错误
2004-04-19 00:00:00 2005-10-28 00:00:00
远程  
        
        BitDefender Scan Online是一款多功能的反病毒产品,包含基于WEB接口的在线扫描系统。
        BitDefender AvxScanOnlineCtrl COM对象存在设计错误,远程攻击者利用这个漏洞获得系统敏感信息如文件夹信息。
        "BitDefender Scan Online"下载和注册如下AvxScanOnlineCtrl COM对象:
        "AVXSCANONLINE.AvxScanOnlineCtrl.1"
        With the following CLSID:
        80DD2229-B8E4-4C77-B72F-F22972D723EA
        所有属性和函数可使用如下形式访问(HTML对象标记建立的对象):
        "        codeBase=http://www.bitdefender.com/scan/Msie/bitdefender.cab#version=3,0,0,
        1
        hspace=0 vspace=0 align="top"
        classid=CLSID:80DD2229-B8E4-4C77-B72F-F22972D723EA
        width=405 height=180>"
        利用这个问题可获取用户信息,允许远程用户查看所有驱动盘和文件夹信息。
        

- 公告与补丁

        厂商补丁:
        Softwin
        -------
        目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
        
        http://www.bitdefender.com/

- 漏洞信息 (24024)

Softwin BitDefender AvxScanOnlineCtrl COM Object Remote File Upload And Execution Vulnerability (EDBID:24024)
windows remote
2004-04-19 Verified
0 Rafel Ivgi The-Insider
N/A [点击下载]
source: http://www.securityfocus.com/bid/10174/info

Reportedly the BitDefender AvxScanOnlineCtrl COM object is affected by a file upload and execution vulnerability. This issue is due to a design error that allows a remote user to specify a file to be uploaded and executed on a system running the affected software.

This issue may be leveraged by a remote attacker to upload and execute arbitrary files on an affected system; most likely resulting in unauthorized access. Other attackers are also possible.

<HTML>
<OBJECT id=seemycomputer codeBase=http://www.bitdefender.com/scan/Msie/bitdefender.cab#version=3,0,0,1 hspace=0 vspace=0 align="top" classid=CLSID:80DD2229-B8E4-4C77-B72F-F22972D723EA width=405 height=180>
<PARAM NAME="_ExtentX" VALUE="6614">
<PARAM NAME="_ExtentY" VALUE="4498">
<PARAM NAME="_StockProps" VALUE="9">
<PARAM NAME="ForeColor" VALUE="0">
<PARAM NAME="BackColor" VALUE="16777215"></OBJECT>
</HTML>		

- 漏洞信息 (24025)

Softwin BitDefender AvxScanOnlineCtrl COM Object Information Disclosure Vulnerability (EDBID:24025)
windows remote
2004-04-19 Verified
0 Rafel Ivgi The-Insider
N/A [点击下载]
source: http://www.securityfocus.com/bid/10175/info

Reportedly the BitDefender AvxScanOnlineCtrl COM object is affected by an information disclosure vulnerability. This issue is due to a design error that allows a remote user to execute a method in the offending object that provides access to unauthorized information.

This issue would allow an attacker to gain access system information that may be used to aid in further attacks.

<OBJECT id=seemycomputer
codeBase=http://www.bitdefender.com/scan/Msie/bitdefender.cab#version=3,0,0,
1
hspace=0 vspace=0 align="top"
classid=CLSID:80DD2229-B8E4-4C77-B72F-F22972D723EA
width=405 height=180>
<PARAM NAME="_ExtentX" VALUE="6614">
<PARAM NAME="_ExtentY" VALUE="4498">
<PARAM NAME="_StockProps" VALUE="9">
<PARAM NAME="ForeColor" VALUE="0">
<PARAM NAME="BackColor" VALUE="16777215"></OBJECT>		

- 漏洞信息

5549
BitDefender AvxScanOnline ActiveX Control Arbitrary File Execution
Remote / Network Access, Context Dependent Input Manipulation
Loss of Confidentiality, Loss of Integrity, Loss of Availability
Exploit Public

- 漏洞描述

AvxScanOnline contains a flaw in Atctive X control that may allow a remote attacker to execute arbitrary files. The issue is due to insecure method ("RequestFile()") in Active control. By tricking the user into visiting a malicious website, a remote attacker may download a remote file and execute it on the user's system, resulting in a loss of confidentiality, integrity, and availability.

- 时间线

2004-04-20 Unknow
2004-04-19 Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, BitDefender has released a patch to address this vulnerability.

- 相关参考

- 漏洞作者

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站