14 DAY TRIAL // BitDefender AntiVirus is a powerful antivirus solution that is meant to protect users' computer against viruses, worms, Trojans and other infected or malicious files. The application is one of the most popular antivirus software on the Internet, many users installing it being attracted by the powerful features it contains.
It seems like the antivirus program is not safe anymore because the company confirmed a vulnerability discovered in a multiple antivirus solution that can allow an attacker to control a vulnerable system. Softwin confirmed the flaw and added that the affected solutions are BitDefender Antivirus, BitDefender Antivirus Plus, BitDefender for ISA Server, BitDefender for MS Exchange 2000, BitDefender for MS Exchange 2003, BitDefender for MS Exchange 5.5, Bitdefender Internet Security, BitDefender Mail Protection for Enterprises and BitDefender Online Scanner installed on multiple operating systems: Fedora, FreeBSD, Mandrake, Red Hat, Slackware, SUSE, Windows 2000, Windows 2003, Windows 98, Windows Me, Windows NT, Windows XP.
Security Company Secunia rated the flaw as highly critical and said that the solution to fix the vulnerability is an update to the latest version of the antivirus solution.
"Sergio Alvarez has reported a vulnerability in BitDefender Anti-Virus, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an integer overflow within the AntiVirus engine when parsing certain packed PE files. This can be exploited to cause a heap-based buffer overflow via a specially crafted PE file. Successful exploitation may allow execution of arbitrary code," Secunia said.
Softwin said that the company was informed about the vulnerability on August 24, 2006, with more details offered on August 28, 2006. The company already released a patch to fix the security flaw that was distributed via the auto update function included in the antivirus solution so, if you have these options enabled, you're surely safe.