PT-2014-4981 · Avg · Avg Secure Search Toolbar+2
Will Dormann
·
Published
2014-07-08
·
Updated
2014-07-08
·
CVE-2014-2956
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
AVG Secure Search toolbar versions prior to 18.1.7.598
AVG Safeguard versions prior to 18.1.7.644
Description
The issue concerns the ScriptHelperApi in the AVG ScriptHelper ActiveX control, which does not implement domain-based access control for method calls. This allows remote attackers to trigger the downloading and execution of arbitrary programs via a crafted web site.
Recommendations
For AVG Secure Search toolbar versions prior to 18.1.7.598, update to version 18.1.7.598 or later.
For AVG Safeguard versions prior to 18.1.7.644, update to version 18.1.7.644 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Avg Safeguard
Avg Scripthelper Activex Control
Avg Secure Search Toolbar