Nphinity

**Name of the Vulnerable Software and Affected Versions** BitDefender Online Anti-Virus Scanner version 8.0 **Description** The issue allows remote attackers to execute arbitrary code via a long argument to the `InitX` method that begins with a "%%" sequence. This sequence is misinterpreted as a Unicode string and decoded twice, leading to improper memory allocation and a heap-based buffer overflow. **Recommendations** For BitDefender Online Anti-Virus Scanner version 8.0, consider disabling the `InitX` method in the affected ActiveX controls until a patch is available. Restrict access to the OScan8.ocx and Oscan81.ocx files to minimize the risk of exploitation. Avoid using arguments that start with the "%%" sequence in the `InitX` method until the issue is resolved.