Buffer Overflow Vulnerability in BitDefender Online Anti-Virus Scanner 8.0
CVE-2007-6189

Currently unrated

Key Information:

Vendor: Bitdefender
Status: Online Anti-virus Scanner
Vendor: CVE Published:; 30 November 2007

🔔 Create Bitdefender Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 23%

What is CVE-2007-6189?

The BitDefender Online Anti-Virus Scanner 8.0 includes an ActiveX control vulnerable to a buffer overflow through the InitX method. Attackers can exploit this by sending a long argument starting with a '%%' sequence, which leads to improper memory management due to misinterpretation as a Unicode string. This flaw allows for arbitrary code execution, presenting serious security risks to affected systems.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2007-6189 - Proof of Concept

References

http://securitytracker.com/id?1018986

vdb-entryx_refsource_SECTRACK

http://research.eeye.com/html/advisories/published/AD2007...

x_refsource_MISC

http://securityreason.com/securityalert/3405

third-party-advisoryx_refsource_SREASON

EPSS Score

23% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Nov 30, 2007
👾
Exploit known to exist
Nov 30, 2007
Vulnerability published
Nov 30, 2007
Vulnerability Reserved
Nov 29, 2007

CVE-2007-6189 Data

JSON