Test ID:	1.3.6.1.4.1.25623.1.0.900327
Category:	Windows
Title:	BitDefender Internet Security 2009 XSS Vulnerability
Summary:	BitDefender Internet Security is prone to a cross-site scripting (XSS) vulnerability.
Description:	Summary: BitDefender Internet Security is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: BitDefender Internet Security product fails to properly sanitise the input passed through the filename (.rar or .zip archives) of an infected executable before being used to output infection details. Vulnerability Impact: Successful exploitation will let the attacker execute arbitrary script codes in a local context by including a malicious HTML file placed on the local system. Affected Software/OS: BitDefender Internet Security version 2009 build 12.0.11.4 and prior. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0850 BugTraq ID: 33921 http://www.securityfocus.com/bid/33921 Bugtraq: 20090226 BitDefender Internet Security XSS (Google Search) http://www.securityfocus.com/archive/1/501277/100/0/threaded Bugtraq: 20090227 Re: BitDefender Internet Security XSS (Google Search) http://www.securityfocus.com/archive/1/501299/100/0/threaded http://secunia.com/advisories/34082 http://www.vupen.com/english/advisories/2009/0557
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.