CVE-2004-1947
Published 2004-04-19
Priority P428 · medium 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS 6.84% · 93.2th percentile
The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender Scan Online allows remote attackers to (1) obtain sensitive information such as system drives and contents or (2) use the RequestFile method to download and execute arbitrary code via an object codebase that uses bitdefender.cab.
No detection rules found.
Exploit-DB
Softwin BitDefender - AvxScanOnlineCtrl COM Object Information Disclosure
exploitdb·2004-04-19
---
source: https://www.securityfocus.com/bid/10175/info
Reportedly the BitDefender AvxScanOnlineCtrl COM object is affected by an information disclosure vulnerability. This issue is due to a design error that allows a remote user to execute a method in the offending object that provides access to unauthorized information.
This issue would allow an attacker to gain access to system information that may be used to aid in further attacks.
Exploit-DB
Softwin BitDefender - AvxScanOnlineCtrl COM Object Arbitrary File Upload / Execution
exploitdb·2004-04-19
---
source: https://www.securityfocus.com/bid/10174/info
Reportedly the BitDefender AvxScanOnlineCtrl COM object is affected by a file upload and execution vulnerability. This issue is due to a design error that allows a remote user to specify a file to be uploaded and executed on a system running the affected software.
This issue may be leveraged by a remote attacker to upload and execute arbitrary files on an affected system, most likely resulting in unauthorized access. Other attacks are also possible.
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=108240639427412&w=2
http://marc.info/?l=bugtraq&m=108248367901616&w=2
http://secunia.com/advisories/11427
http://securitytracker.com/id?1009862
http://www.osvdb.org/5549
http://www.securityfocus.com/bid/10174
http://www.securityfocus.com/bid/10175
https://exchange.xforce.ibmcloud.com/vulnerabilities/15911