7.5

CVE-2005-3154

Format string vulnerability in the logging functionality in BitDefender AntiVirus 7.2 through 9 allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in file or directory name.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SoftwinBitdefender Version7.2
SoftwinBitdefender Version8.0
SoftwinBitdefender Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.55% 0.878
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

http://kb.bitdefender.com/KB261-en--Filename-Format-String-Vulnerability.html
Broken Link
http://secunia.com/advisories/16991
Permissions Required
http://securityreason.com/securityalert/45
Third Party Advisory
http://shadock.net/secubox/BitDefenderLoggingFunc.html
Broken Link
http://www.securityfocus.com/bid/14968
Third Party Advisory