funsec mailing list archives
Yet another AV company opens up their customer's computers to attack
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Sat, 13 Oct 2007 08:27:42 -0400
Kaspersky Online Scanner installed vulnerable ActiveX control

http://www.heise-security.co.uk:80/news/97273

Leading anti-virus developer Kaspersky Lab has released a new version of the ActiveX control that installs the Kaspersky Online Scanner <http://www.kaspersky.com/virusscanner/> on its customers' computers. The new component (kavwebscan.dll) is version 5.0.98.0. It resolves critical vulnerabilities that can be exploited to execute arbitrary code when, for example, a user visits a specially crafted website using the Internet Explorer Web browser.

According to an iDefense advisory, the vulnerability results from format string errors in several functions of the ActiveX control. The existence of the vulnerability was confirmed in version 5.0.93.0, but it probably also affects previous versions.

If you wish to find out which version of the control is installed on your computer, you can view it under C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner. If the version number is not displayed with the file name, simply right-click on the icon and select "Properties."
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
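
The manual version check described in the article can be scripted. The PowerShell below is an added example, not part of the original post or the Heise article; it assumes kavwebscan.dll sits somewhere under the directory the article names and treats any build below 5.0.98.0 as needing the update.

```powershell
# Added example: report the installed kavwebscan.dll version against the
# fixed version named in the article (5.0.98.0).
$Dir   = 'C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner'
$Fixed = New-Object System.Version -ArgumentList 5, 0, 98, 0

function Get-ControlStatus {
    param([string]$Path)

    $vi = (Get-Item -LiteralPath $Path).VersionInfo

    # A file with no version resource cannot be judged; flag it for manual review.
    if (-not $vi.FileVersion) {
        return [pscustomobject]@{ Path = $Path; Version = $null; Status = 'unknown (no version resource)' }
    }

    # Build the version from the numeric parts rather than parsing the
    # FileVersion string, which may be formatted like "5, 0, 93, 0".
    $ver = New-Object System.Version -ArgumentList `
        $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart

    # Assumption: anything older than the fixed build needs the update
    # (the article confirms 5.0.93.0 and says earlier versions are probably affected).
    $status = if ($ver -ge $Fixed) { 'fixed' } else { "update needed (older than $Fixed)" }

    [pscustomobject]@{ Path = $Path; Version = $ver; Status = $status }
}

if (-not (Test-Path -LiteralPath $Dir)) {
    Write-Output "Kaspersky Online Scanner directory not found: $Dir"
}
else {
    $dlls = Get-ChildItem -LiteralPath $Dir -Filter 'kavwebscan.dll' -Recurse -ErrorAction SilentlyContinue
    if (-not $dlls) {
        Write-Output "No kavwebscan.dll found under $Dir"
    }
    else {
        $dlls | ForEach-Object { Get-ControlStatus -Path $_.FullName } | Format-Table -AutoSize
    }
}
```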