Kaspersky Online Scanner installed vulnerable ActiveX control
Leading anti-virus developer Kaspersky Lab has released a new version of the ActiveX control that installs the Kaspersky Online Scanner on its customers' computers. The new component (kavwebscan.dll) is version 220.127.116.11. It resolves critical vulnerabilities that can be exploited to execute arbitrary code when, for example, a user visits a specially crafted website using the Internet Explorer Web browser.
According to an iDefense advisory, the vulnerability results from format string errors in several functions of the ActiveX control. The existence of the vulnerability was confirmed in version 18.104.22.168, but it probably also affects previous versions. To find out which version of the control is installed on your computer, look for the file under C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner. If the version number is not displayed with the file name, right-click on the icon and select "Properties."
Anyone who has used the Online Scanner in the past should update their system as soon as possible. To install the latest version of the control, just launch the Scanner. Another option is to delete the vulnerable DLL file. Setting the kill-bit for this control (ClassID 0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75) will also prevent Internet Explorer from loading the vulnerable control, but it disables the Kaspersky Online Scanner as well.
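The two checks described above (reading the installed version of kavwebscan.dll and setting the kill-bit for the control's ClassID) can be scripted for a fleet of Windows machines. The following PowerShell script is an added example, not code from the article or from Kaspersky Lab. The DLL path and ClassID are taken from the article; the registry location for the kill-bit is Microsoft's documented "ActiveX Compatibility" mechanism (DWORD "Compatibility Flags" with bit 0x400 set). The -MinimumFixedVersion parameter is a placeholder to be filled in from the vendor's advisory; the function and parameter names are the example's own.

```powershell
# Added example (not from the original article): report the installed
# kavwebscan.dll version and optionally set the IE kill-bit for the control.
# Run from an elevated PowerShell prompt; -WhatIf previews the registry change.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Path from the article (default install location of the Online Scanner)
    [string]$DllPath = "$env:SystemRoot\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll",
    # ClassID from the article
    [string]$ClassId = '{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}',
    # PLACEHOLDER: fill in the fixed version from the vendor advisory, e.g. [version]'x.y.z.w'
    [version]$MinimumFixedVersion = $null,
    [switch]$SetKillBit
)

# Microsoft's documented kill-bit location: per-CLSID key with "Compatibility Flags" = 0x400
$killBitKey  = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$ClassId"
$killBitFlag = 0x400

function Get-ControlVersion {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Host "Control not present: $Path (nothing to update or block)"
        return $null
    }
    # Use the numeric fields of the fixed-file-info block rather than the free-text FileVersion string
    $info = (Get-Item -LiteralPath $Path).VersionInfo
    $ver  = [version]("{0}.{1}.{2}.{3}" -f $info.FileMajorPart, $info.FileMinorPart, $info.FileBuildPart, $info.FilePrivatePart)
    Write-Host "Installed kavwebscan.dll version: $ver"
    return $ver
}

function Test-KillBit {
    param([string]$Key)
    if (-not (Test-Path -LiteralPath $Key)) { return $false }
    $flags = (Get-ItemProperty -LiteralPath $Key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
    return ($null -ne $flags) -and (($flags -band $killBitFlag) -ne 0)
}

function Set-KillBit {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$Key)
    if ($PSCmdlet.ShouldProcess($Key, "Set Compatibility Flags bit 0x400 (kill-bit)")) {
        if (-not (Test-Path -LiteralPath $Key)) { New-Item -Path $Key -Force | Out-Null }
        # Preserve any flags already present; only OR in the kill-bit
        $existing = (Get-ItemProperty -LiteralPath $Key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
        $new = ([int]$existing) -bor $killBitFlag
        Set-ItemProperty -LiteralPath $Key -Name 'Compatibility Flags' -Value $new -Type DWord
    }
}

$installed = Get-ControlVersion -Path $DllPath
if ($installed -and $MinimumFixedVersion -and ($installed -lt $MinimumFixedVersion)) {
    Write-Warning "Installed version $installed is older than the fixed version $MinimumFixedVersion; launch the Online Scanner to update, or block the control"
}

if (Test-KillBit -Key $killBitKey) {
    Write-Host "Kill-bit already set for $ClassId (the Online Scanner will not load in Internet Explorer)"
} elseif ($SetKillBit) {
    Set-KillBit -Key $killBitKey
    Write-Host "Kill-bit set for $ClassId; the Online Scanner is now blocked in Internet Explorer"
}
```

On 64-bit Windows, 32-bit Internet Explorer reads the kill-bit from the Wow6432Node view of the same key (HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}), so a second run with $killBitKey pointed there is needed to cover both browser flavours. As the article notes, the kill-bit trades the exploitable control for a non-working Online Scanner; updating by launching the Scanner is the option that keeps the product usable.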
- Kaspersky Lab announces the release of a new version of its free Kaspersky Online Scanner
- Kaspersky Web Scanner ActiveX Format String Vulnerability, iDefense Advisory