Exploitable ActiveX control replaced in new version.
Kaspersky Lab
has released an updated version of its popular free online scanner to remedy a vulnerability in an ActiveX control used by the scanning system.
The format string flaw, in the ‘kavwebscan’ ActiveX control, could be exploited by a malicious web page to cause a buffer overflow and run malicious code on vulnerable systems. The problem was first reported by a researcher, via
iDefense
, in late June, and is now being made public following the release of an update to the scanner to fix the flaw.
Users of the scanner are strongly urged to install the updated version, available from
Kaspersky
here
. More details of the vulnerability are at
Kaspersky
here
, at
iDefense
here
and at
Secunia
, who labelled the issue ‘highly critical’,
here
.
Posted on 15 October 2007 by
Virus Bulletin
Leave a Reply