TITLE:
BitDefender Insecure Program Execution Vulnerability

SECUNIA ADVISORY ID:
SA15076

VERIFY ADVISORY:
http://secunia.com/advisories/15076/

CRITICAL:
Not critical

IMPACT:
Privilege escalation, DoS

WHERE:
Local system

SOFTWARE:
BitDefender Antivirus Standard 8.x
http://secunia.com/product/4988/
BitDefender Antivirus Professional Plus 8.x
http://secunia.com/product/4987/

DESCRIPTION:
fRoGGz has reported a vulnerability in BitDefender, which can be
exploited by malicious, local users to disable the virus protection
or gain escalated privileges.

During installation, the installation process creates entries in the
"Run" registry key to automatically run some programs when a user
logs in. However, these entries are created insecurely and can be
exploited to prevent the virus protection from starting up or execute
arbitrary code with the privileges of another user logging in by
placing a file with a specially crafted name in the application path.

Successful exploitation requires that the application has been
installed in a non-default location with a directory name in the path
containing a white space character and that an unprivileged user can
create a specially named file in this path.

NOTE: This is not considered an issue in a default install, as only
administrative users can create the file "C:\program.exe" on
supported and fully updated versions of Windows.

SOLUTION:
The vendor recommends quoting the command line of the created entries
in the registry.

PROVIDED AND/OR DISCOVERED BY:
fRoGGz, SecuBox Labs.
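ADDED EXAMPLE (not part of the Secunia advisory or of any vendor code):
an audit helper for the condition described above, which flags "Run"
values whose image path is unquoted and contains white space, lists the
earlier paths whose write permissions need review, and produces the
quoted form named in the SOLUTION. The entry names, paths and the
extension heuristic are assumptions made for this illustration.

```python
import ntpath
import re

# Constructed sample "Run" values; names and paths are illustrative only.
SAMPLE_RUN_ENTRIES = {
    "ExampleAV": r"D:\Security Tools\ExampleAV\avmon.exe /startup",
    "ExampleQuoted": r'"D:\Security Tools\ExampleAV\avmon.exe" /startup',
    "ExampleNoSpace": r"C:\Tools\agent.exe -q",
}

# Heuristic (assumption): the image path ends at the first executable
# extension that is followed by white space or the end of the string.
_IMAGE_END = re.compile(r"\.(exe|com|bat|cmd)(?=\s|$)", re.IGNORECASE)


def split_image(command):
    """Return (image_path, remaining_arguments) for a command line."""
    cmd = command.strip()
    m = _IMAGE_END.search(cmd)
    end = m.end() if m else len((cmd.split(None, 1) or [""])[0])
    return cmd[:end], cmd[end:]


def ambiguous_candidates(command):
    """Earlier paths Windows may try before the intended image (empty if safe)."""
    cmd = command.strip()
    if cmd.startswith('"'):
        return []  # quoted image path: no ambiguity
    image, _ = split_image(cmd)
    found = []
    for ws in re.finditer(r"\s+", image):
        prefix = image[:ws.start()]
        # CreateProcess appends .exe when the candidate has no extension.
        if not ntpath.splitext(prefix)[1]:
            prefix += ".exe"
        found.append(prefix)
    return found


def quoted(command):
    """Apply the advisory's fix: quote the image path, keep the arguments."""
    image, rest = split_image(command)
    return command.strip() if image.startswith('"') else f'"{image}"{rest}'


def audit(entries):
    """Map each risky entry name to the candidate paths that need ACL review."""
    return {n: c for n, v in entries.items() if (c := ambiguous_candidates(v))}
```

On a live system the dictionary passed to audit() would be filled from
the values under the "Run" key instead of the constructed samples.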