funsec mailing list archives

Yet another AV company opens up their customer's computers to attack


From: "Richard M. Smith" <rms () computerbytesman com>
Date: Sat, 13 Oct 2007 08:27:42 -0400

Kaspersky Online Scanner installed vulnerable ActiveX control 
 
http://www.heise-security.co.uk:80/news/97273
 
Leading anti-virus developer Kaspersky Lab has released a new version of the
ActiveX control that installs the Kaspersky Online
<http://www.kaspersky.com/virusscanner/> Scanner on its customers'
computers. The new component (kavwebscan.dll) is version 5.0.98.0. It
resolves critical vulnerabilities that can be exploited to execute arbitrary
code when, for example, a user visits a specially crafted website using the
Internet Explorer Web browser. 

According to an iDefense advisory, the vulnerability results from format
string errors in several functions of the ActiveX control. The existence of
the vulnerability was confirmed in version 5.0.93.0, but it probably also
affects previous versions. If you wish to find out which version of the
control is installed on your computer, you can view it under
C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner. If the version
number is not displayed with the file name, simply right-click on the icon
and select "Properties." 

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
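
The version check described in the article, as an added PowerShell example that is not part of the original post or of any Kaspersky tooling. It uses the directory, file name and fixed version (5.0.98.0) quoted above. Treating every older version as needing the update is an assumption based on the article's "probably also affects previous versions".

```powershell
# Added example: report the installed version of the Kaspersky Online Scanner
# ActiveX control and compare it with the fixed release named in the article.

# Directory and file name as given in the article; $env:windir stands in for C:\WINDOWS.
$dir      = Join-Path $env:windir 'system32\Kaspersky Lab\Kaspersky Online Scanner'
$fileName = 'kavwebscan.dll'
$fixed    = [version]'5.0.98.0'   # fixed version per the article

function Get-ControlStatus {
    param([string]$Path, [version]$FixedVersion)

    $info = (Get-Item -LiteralPath $Path).VersionInfo
    # Build the version from the numeric fields of the version resource;
    # the FileVersion string can carry extra text that [version] cannot parse.
    $ver = New-Object System.Version(
        $info.FileMajorPart, $info.FileMinorPart,
        $info.FileBuildPart, $info.FilePrivatePart)

    # Assumption: anything older than the fixed release needs the update.
    $status = if ($ver -ge $FixedVersion) { 'fixed' } else { 'update needed' }

    New-Object psobject -Property @{
        Path    = $Path
        Version = $ver
        Status  = $status
    }
}

if (-not (Test-Path -LiteralPath $dir)) {
    Write-Output "Kaspersky Online Scanner directory not found: $dir"
    return
}

# The control may sit in a subfolder, so search the directory recursively.
$hits = Get-ChildItem -LiteralPath $dir -Filter $fileName -Recurse -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer }

if (-not $hits) {
    Write-Output "No $fileName found under $dir"
    return
}

$hits | ForEach-Object { Get-ControlStatus -Path $_.FullName -FixedVersion $fixed } |
        Format-Table Path, Version, Status -AutoSize
```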
