In association with heise online

04 June 2007, 12:26

Buffer overflows in Authentium anti-virus software


US-CERT has reported multiple critical vulnerabilities in Authentium's Command Antivirus anti-virus solution. The cause of the problem is the odapi.dll library, which provides a number of ActiveX controls in which buffer overflows can be provoked. According to the vulnerability note, these apparently allow malicious code to be injected onto a computer and executed with the user's privileges. Visiting a crafted website is sufficient to infect an affected PC with malware. The bug has been fixed in versions 4.93.8 and later of Command Antivirus. The current version is 4.94.5.

US-CERT notes that the product may find its way onto computers in combination with other software, for example as part of packages from ISPs including BellSouth, EarthLink and PeoplePC. To be on the safe side, where these providers do not provide updates, users should set the kill bit for these controls in the registry to prevent them from being loaded and exploited. To do so, save the following code in a file with the extension .reg, then double-click that file:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{103CAE29-DB09-4F77-812B-FFC0C3BC91A1}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1F22F6F1-FDC5-4C6D-9335-B6E31315FB1B}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{253A6409-6917-48EF-9CC7-9CB79FDA4169}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{50F3C8D1-E5E8-463D-A6E5-5A5966359538}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{567408B9-78B1-44DD-9CC2-7AC136C916C5}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{67EC8D27-C3CD-447E-9315-46A04DDB6C35}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6D855303-A902-4608-8668-C177F80AB429}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8EDDD996-E47F-4C59-8505-9FC570612FB6}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A1962F85-324C-4751-83ED-27426F9F6E36}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FED9DA10-9C9E-4AEB-B5B2-51C7ADC7A4DA}]
"Compatibility Flags"=dword:00000400
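
To confirm that the kill bits took effect, the following added example (not part of the original article) parses a registry export of the ActiveX Compatibility key and reports the state of each of the ten CLSIDs listed above. It assumes the export was produced with `reg export` and decoded to text (such exports are UTF-16); the function names and the sample export are constructed for illustration.

```python
import re

KILL_BIT = 0x400  # "Compatibility Flags" value written by the article's .reg file
# The ten CLSIDs from the article's .reg file.
CLSIDS = [
    "{103CAE29-DB09-4F77-812B-FFC0C3BC91A1}", "{1F22F6F1-FDC5-4C6D-9335-B6E31315FB1B}",
    "{253A6409-6917-48EF-9CC7-9CB79FDA4169}", "{50F3C8D1-E5E8-463D-A6E5-5A5966359538}",
    "{567408B9-78B1-44DD-9CC2-7AC136C916C5}", "{67EC8D27-C3CD-447E-9315-46A04DDB6C35}",
    "{6D855303-A902-4608-8668-C177F80AB429}", "{8EDDD996-E47F-4C59-8505-9FC570612FB6}",
    "{A1962F85-324C-4751-83ED-27426F9F6E36}", "{FED9DA10-9C9E-4AEB-B5B2-51C7ADC7A4DA}",
]
KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer"
    r"\\ActiveX Compatibility\\(\{[0-9A-F-]{36}\})\]$", re.I)
VALUE_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9A-F]{8})$', re.I)

def parse_flags(reg_text):
    """Map each ActiveX Compatibility CLSID in .reg text to its flags value."""
    flags, current = {}, None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("["):
            m = KEY_RE.match(line)
            current = m.group(1).upper() if m else None  # ignore unrelated keys
        elif current and (m := VALUE_RE.match(line)):
            flags[current] = int(m.group(1), 16)
    return flags

def audit(reg_text, clsids=CLSIDS):
    """Return {clsid: 'killed' | 'not killed' | 'missing'} for each CLSID."""
    flags = parse_flags(reg_text)
    report = {}
    for clsid in clsids:
        value = flags.get(clsid.upper())
        if value is None:
            report[clsid] = "missing"      # key or value absent from the export
        else:
            # The value is a bit mask, so test the bit rather than equality.
            report[clsid] = "killed" if value & KILL_BIT else "not killed"
    return report

# Constructed sample export (not taken from a real machine).
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{103CAE29-DB09-4F77-812B-FFC0C3BC91A1}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1F22F6F1-FDC5-4C6D-9335-B6E31315FB1B}]
"Compatibility Flags"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{253A6409-6917-48EF-9CC7-9CB79FDA4169}]
"Compatibility Flags"=dword:00800400
"""
```

Any CLSID reported as "missing" or "not killed" by `audit()` still needs the registry entry from the article applied.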

Inexperienced users are best advised to deactivate ActiveX in their browser.

(mba)

Permalink: http://h-online.com/-732987