CVE-2005-3154

Published: Oct 5, 2005Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Format string vulnerability in the logging functionality in BitDefender AntiVirus 7.2 through 9 allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in file or directory name.

Affected (3)

Products: Softwin: Bitdefender

Softwin

1 product

Bitdefender

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Softwin Bitdefender	Version 7.2
Softwin Bitdefender	Version 8.0
Softwin Bitdefender	Version 9.0

Related CWEs

CWE-134

Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

References (10)

http://kb.bitdefender.com/KB261-en--Filename-Format-String-Vulnerability.html

Source: cve@mitre.org

Broken Link

http://secunia.com/advisories/16991

Source: cve@mitre.org

Permissions Required

http://securityreason.com/securityalert/45

Source: cve@mitre.org

Third Party Advisory

http://shadock.net/secubox/BitDefenderLoggingFunc.html

Source: cve@mitre.org

Broken Link

http://www.securityfocus.com/bid/14968

Source: cve@mitre.org

Third Party Advisory

http://kb.bitdefender.com/KB261-en--Filename-Format-String-Vulnerability.html