
BitDefender Antivirus PDF Processing Memory Corruption Vulnerability

Last Update Date: 28 Jan 2011
Release Date: 24 Nov 2008

RISK: Medium Risk

A vulnerability has been discovered in BitDefender Antivirus, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.

The vulnerability is caused by a boundary error in the "pdf.xmd" module when processing data encoded using, for example, the "FlateDecode" and "ASCIIHexDecode" filters. This can be exploited to cause memory corruption via a specially crafted PDF file.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in BitDefender Free Edition 10 updated 2008-11-21. Other versions may also be affected.
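
The advisory gives no detail of the faulty code in "pdf.xmd". As an added illustration (not BitDefender's code and not part of the original advisory), this is how an ASCIIHexDecode decoder keeps every write inside its output buffer by checking capacity per decoded byte; the function and constant names are hypothetical.

```c
#include <stddef.h>

/* Return codes (hypothetical names chosen for this example). */
enum { HEX_OK = 0, HEX_ERR_BAD_CHAR = -1, HEX_ERR_OVERFLOW = -2 };

static int hex_val(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* PDF white-space characters: NUL, TAB, LF, FF, CR, SPACE. */
static int is_pdf_ws(unsigned char c)
{
    return c == 0 || c == 9 || c == 10 || c == 12 || c == 13 || c == 32;
}

/*
 * Decode ASCIIHexDecode data from in[0..in_len) into out[0..out_cap).
 * White space is skipped, '>' marks end of data, and an odd final digit
 * is treated as if followed by '0'. On success *out_len is the number of
 * bytes written; on any error it is 0 and the output must be discarded.
 */
int asciihex_decode(const unsigned char *in, size_t in_len,
                    unsigned char *out, size_t out_cap, size_t *out_len)
{
    size_t n = 0;
    int hi = -1;                       /* pending high nibble, -1 if none */

    *out_len = 0;
    for (size_t i = 0; i < in_len; i++) {
        unsigned char c = in[i];
        if (c == '>') break;           /* end-of-data marker */
        if (is_pdf_ws(c)) continue;
        int v = hex_val(c);
        if (v < 0) return HEX_ERR_BAD_CHAR;
        if (hi < 0) { hi = v; continue; }
        if (n >= out_cap) return HEX_ERR_OVERFLOW;  /* check before write */
        out[n++] = (unsigned char)((hi << 4) | v);
        hi = -1;
    }
    if (hi >= 0) {                     /* odd digit count: pad with 0 */
        if (n >= out_cap) return HEX_ERR_OVERFLOW;
        out[n++] = (unsigned char)(hi << 4);
    }
    *out_len = n;
    return HEX_OK;
}
```

The capacity test uses the count of bytes actually produced, so a stream that decodes to more data than the caller allocated is rejected instead of written past the buffer.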


Impact

  • Remote Code Execution

System / Technologies affected

  • BitDefender Antivirus Standard 10 and prior
  • BitDefender Free Edition 10 and prior

Solutions

There is currently no official patch for this vulnerability. Please consider the following workaround.

  • Do not scan untrusted PDF files using BitDefender.

Vulnerability Identifier

  • No CVE information is available
