CVE-2008-1307

Name of the Vulnerable Software and Affected Versions Beijing KingSoft Antivirus Online Update Module version 2007.12.29.29

Description The issue is related to a heap-based buffer overflow in the KUpdateObj2 Class ActiveX control. This occurs when a long argument is passed to the SetUninstallName method, allowing remote attackers to execute arbitrary code.

Recommendations For version 2007.12.29.29, consider disabling the SetUninstallName method in the KUpdateObj2 Class ActiveX control until a patch is available. Restrict access to the UpdateOcx2.dll module to minimize the risk of exploitation.