Posted by Virus Bulletin on Oct 15, 2007
Exploitable ActiveX control replaced in new version.
Kaspersky Lab has released an updated version of its popular free online scanner to remedy a vulnerability in an ActiveX control used by the scanning system.
The format string flaw, in the 'kavwebscan' ActiveX control, could be exploited by a malicious web page to cause a buffer overflow and run malicious code on vulnerable systems. The problem was first reported by a researcher, via iDefense, in late June, and is now being made public following the release of an update to the scanner to fix the flaw.
Users of the scanner are strongly urged to install the updated version, available from Kaspersky here. More details of the vulnerability are at Kaspersky here, at iDefense here and at Secunia, who labelled the issue 'highly critical', here.
Posted on 15 October 2007 by Virus Bulletin