In association with heise online

12 October 2007, 09:27

Kaspersky Online Scanner installed vulnerable ActiveX control

[Figure: Properties dialog. The version number of the control can be displayed by selecting Properties.]

Leading anti-virus developer Kaspersky Lab has released a new version of the ActiveX control that installs the Kaspersky Online Scanner on its customers' computers. The new component (kavwebscan.dll) is version 5.0.98.0. It resolves critical vulnerabilities that can be exploited to execute arbitrary code when, for example, a user visits a specially crafted website using the Internet Explorer Web browser.

According to an iDefense advisory, the vulnerability results from format string errors in several functions of the ActiveX control. The existence of the vulnerability was confirmed in version 5.0.93.0, but it probably also affects previous versions. If you wish to find out which version of the control is installed on your computer, you can view it under C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner. If the version number is not displayed with the file name, simply right-click on the icon and select "Properties."

Anyone who has used the Online Scanner in the past should update their system as soon as possible. To install the latest version of the control, just launch the Scanner. Another option is to delete the vulnerable DLL file. Setting the kill-bit for this control (ClassID 0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75) will also prevent the vulnerable control from being loaded, but it also disables the Kaspersky Online Scanner.
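The version check and the kill-bit setting described above can be scripted. The following PowerShell sketch is an added example, not code from Kaspersky Lab or iDefense. It assumes that kavwebscan.dll sits directly in the directory named above and that the kill bit is stored as the 0x400 flag in the "Compatibility Flags" value under Internet Explorer's ActiveX Compatibility registry key. The `-SetKillBit` switch is a name chosen for this example.

```powershell
# Added example: audit the Kaspersky Online Scanner ActiveX control.
# Run elevated; pass -SetKillBit to block the control in Internet Explorer.
param([switch]$SetKillBit)

$clsid = '{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}'   # ClassID from the article
$fixed = [version]'5.0.98.0'                        # fixed version from the article
# Assumption: the DLL is located directly in the directory the article names.
$dll = Join-Path $env:windir 'system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll'

if (Test-Path -LiteralPath $dll) {
    $vi = (Get-Item -LiteralPath $dll).VersionInfo
    # Build the version from the numeric fields; the string form may be localised.
    $installed = New-Object System.Version -ArgumentList `
        $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
    if ($installed -lt $fixed) {
        Write-Warning "kavwebscan.dll $installed is older than $fixed: update or remove it."
    } else {
        Write-Output "kavwebscan.dll $installed is at or above $fixed."
    }
} else {
    Write-Output "kavwebscan.dll not found at $dll."
}

# Native view plus the 32-bit view used by 32-bit Internet Explorer on 64-bit Windows.
$bases = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
         'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
$killBit = 0x400

foreach ($base in $bases) {
    if (-not (Test-Path -LiteralPath $base)) { continue }
    $key   = Join-Path $base $clsid
    $flags = 0
    if (Test-Path -LiteralPath $key) {
        $p = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        if ($p) { $flags = [int]$p.'Compatibility Flags' }
    }
    $isSet = ($flags -band $killBit) -ne 0
    Write-Output "$base : kill bit set = $isSet"

    if ($SetKillBit -and -not $isSet) {
        if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
        # Preserve any existing flags and add the kill bit.
        New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
            -PropertyType DWord -Value ($flags -bor $killBit) -Force | Out-Null
        Write-Output "$base : kill bit written."
    }
}
```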

(mba)

Permalink: http://h-online.com/-733772