CVE-2007-6189

Name of the Vulnerable Software and Affected Versions BitDefender Online Anti-Virus Scanner version 8.0

Description The issue allows remote attackers to execute arbitrary code via a long argument to the InitX method that begins with a "%%" sequence. This sequence is misinterpreted as a Unicode string and decoded twice, leading to improper memory allocation and a heap-based buffer overflow.

Recommendations For BitDefender Online Anti-Virus Scanner version 8.0, consider disabling the InitX method in the affected ActiveX controls until a patch is available. Restrict access to the OScan8.ocx and Oscan81.ocx files to minimize the risk of exploitation. Avoid using arguments that start with the "%%" sequence in the InitX method until the issue is resolved.