Kaspersky Online Scanner kavwebscan.CKAVWebScan ActiveX (kavwebscan.dll) Format String Arbitrary Code Execution
High Nessus Plugin ID 26969
Synopsis
The remote Windows host has an ActiveX control that is affected by a format string vulnerability.
Description
The remote host contains the Kaspersky Online Scanner, an online virus scanner for Windows.
The version of the Kaspersky Web Scanner ActiveX control installed as part of this software on the remote host contains a format string vulnerability. By tricking a user on the affected host into visiting a specially crafted web page, an attacker may be able to leverage this issue to execute arbitrary code on the affected system, subject to the user's privileges.
Solution
Upgrade to Kaspersky Online Scanner version 18.104.22.168 or later.