|
Application: BitDefender Internet Security 2009
OS: Windows Xp (All patches a day)
------------------------------------------------------
1 - Description
2 - Vulnerability
3 - POC/EXPLOIT
------------------------------------------------------
Description
BitDefender Internet Security is a security software
that includes multiples protections, for example (anti spam, anti spyware,etc).
------------------------------------------------------
Vulnerability
The vulnerability is caused because when you scans a file,
the antivirus used a flash for display the name of file,
with this you can make a malformed rar or zip that containing a script.
and when the av scans the file, run the script.
------------------------------------------------------
POC/EXPLOIT
The poc is the video because for make the poc you need a virus file.
the xss is this
<h1 id="header" onmousemove="alert(1)" test </h1>
http://video.google.com/videoplay?docid=-8346357281340486654
------------------------------------------------------
Juan Pablo Lopez Yacubian
|
