Patches to correct security flaws

Dec 14, 2007 10:45 GMT

Several BitDefender products are affected by a double-free vulnerability in the bdelev.dll ActiveX control, SecurityFocus reported today. BitDefender Total Security 2008, BitDefender Internet Security 2008 and BitDefender Antivirus 2008 are all affected by the same vulnerability. To exploit an affected system, the attacker has to trick the user into opening a malicious web document, the same source continued.

"A BitDefender Antivirus 2008 ActiveX control is prone to a double-free vulnerability because of a flaw in the way that the 'bdelev.dll' library handles certain object data prior to returning it", SecurityFocus wrote in the advisory. "Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions."

The folks at Softwin have already investigated the problem and have released an update intended to correct the vulnerability. The same patch is available for all of the affected products, so all you're required to do is download and install the fix. The patch has already been published on Softpedia, since November 30th, and can be downloaded for free using the following link. The patch is 14.3 MB and can be installed only on Windows machines. Note that the patch comes with the November 2007 virus definitions, so that's the correct download link. The fix is available for both x86 and x64 computers.

As you can see, the description on the Softpedia download page states that the update can be used with all of the above products. "Can be used with the following Bitdefender products: Total Security 2008, Internet Security 2008 and Antivirus 2008", it reads.

BitDefender created some of the most efficient and popular security technologies on the web, having millions of consumers all over the world. Its latest solutions include BitDefender Antivirus 2008, a security product that is also compatible with the latest Microsoft operating system, Windows Vista.