cnvd - cnvd-2017-28436

CNVD-2017-28436

Vulnerability from cnvd - Published: 2017-09-27

Title

Bitdefender Internet Security PDF Predictor远程代码执行漏洞

Description

BitDefender Internet Security是可提供多种防护功能的安全软件。 Bitdefender Internet Security在pdf.xmd中存在安全漏洞，攻击者通过诱使用户浏览恶意网页或打开恶意文件，利用此漏洞可在受影响应用中执行任意代码。

Severity

高

Patch Name

Bitdefender Internet Security PDF Predictor远程代码执行漏洞的补丁

Patch Description

BitDefender Internet Security是可提供多种防护功能的安全软件。 Bitdefender Internet Security在pdf.xmd中存在安全漏洞，攻击者通过诱使用户浏览恶意网页或打开恶意文件，利用此漏洞可在受影响应用中执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.bitdefender.com/

Reference

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10954

Impacted products

Name
BitDefender Internet Security

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-10954"
    }
  },
  "description": "BitDefender Internet Security\u662f\u53ef\u63d0\u4f9b\u591a\u79cd\u9632\u62a4\u529f\u80fd\u7684\u5b89\u5168\u8f6f\u4ef6\u3002\r\n\r\nBitdefender Internet Security\u5728pdf.xmd\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u6d4f\u89c8\u6076\u610f\u7f51\u9875\u6216\u6253\u5f00\u6076\u610f\u6587\u4ef6\uff0c\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u5728\u53d7\u5f71\u54cd\u5e94\u7528\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "unknow",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://www.bitdefender.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-28436",
  "openTime": "2017-09-27",
  "patchDescription": "BitDefender Internet Security\u662f\u53ef\u63d0\u4f9b\u591a\u79cd\u9632\u62a4\u529f\u80fd\u7684\u5b89\u5168\u8f6f\u4ef6\u3002\r\n\r\nBitdefender Internet Security\u5728pdf.xmd\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u6d4f\u89c8\u6076\u610f\u7f51\u9875\u6216\u6253\u5f00\u6076\u610f\u6587\u4ef6\uff0c\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u5728\u53d7\u5f71\u54cd\u5e94\u7528\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Bitdefender Internet Security PDF Predictor\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "BitDefender Internet Security"
  },
  "referenceLink": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10954",
  "serverity": "\u9ad8",
  "submitTime": "2017-09-08",
  "title": "Bitdefender Internet Security PDF Predictor\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

CVE-2017-10954 (GCVE-0-2017-10954)

Vulnerability from cvelistv5 – Published: 2017-10-31 19:00 – Updated: 2024-08-05 17:50

Summary

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security Internet Security 2018 prior to build 7.72918. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within pdf.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-4361.

Severity ?

No CVSS data available.

CWE

CWE-190 - Integer Overflow or Wraparound

Assigner

zdi

References

URL

Tags

	https://zerodayinitiative.com/advisories/ZDI-17-717	x_refsource_MISC
	http://www.securityfocus.com/bid/100676	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	Bitdefender	Bitdefender Internet Security	Affected: Internet Security 2018 prior to build 7.72918

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:50:12.839Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://zerodayinitiative.com/advisories/ZDI-17-717"
          },
          {
            "name": "100676",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100676"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Bitdefender Internet Security",
          "vendor": "Bitdefender",
          "versions": [
            {
              "status": "affected",
              "version": "Internet Security 2018 prior to build 7.72918"
            }
          ]
        }
      ],
      "datePublic": "2017-10-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security Internet Security 2018 prior to build 7.72918. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within pdf.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-4361."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190-Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-01T09:57:01",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://zerodayinitiative.com/advisories/ZDI-17-717"
        },
        {
          "name": "100676",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100676"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "zdi-disclosures@trendmicro.com",
          "ID": "CVE-2017-10954",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Bitdefender Internet Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Internet Security 2018 prior to build 7.72918"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Bitdefender"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security Internet Security 2018 prior to build 7.72918. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within pdf.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-4361."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-190-Integer Overflow or Wraparound"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://zerodayinitiative.com/advisories/ZDI-17-717",
              "refsource": "MISC",
              "url": "https://zerodayinitiative.com/advisories/ZDI-17-717"
            },
            {
              "name": "100676",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100676"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2017-10954",
    "datePublished": "2017-10-31T19:00:00",
    "dateReserved": "2017-07-05T00:00:00",
    "dateUpdated": "2024-08-05T17:50:12.839Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-28436

CVE-2017-10954 (GCVE-0-2017-10954)

Tags

Sightings

Nomenclature