CVE-2007-3675

Name of the Vulnerable Software and Affected Versions Kaspersky Online Scanner versions prior to 5.0.98

Description The issue concerns multiple format string vulnerabilities in the kavwebscan.CKAVWebScan ActiveX control. These vulnerabilities can be exploited by remote attackers to execute arbitrary code via format string specifiers in various string formatting functions, leading to heap-based buffer overflows.

Recommendations For versions prior to 5.0.98, update to version 5.0.98 or later to resolve the issue. As a temporary workaround, consider restricting access to the kavwebscan.CKAVWebScan ActiveX control until the update is applied.