• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

G DATA Antivirus 2007 ScanObjectBrowser.DLL ActiveX Control Buffer Overflow Weakness

G DATA Antivirus 2007 is prone to a buffer-overflow weakness because it fails to perform adequate boundary checks.

Successful exploits will allow attackers to execute arbitrary code in the context of an application using the control (typically Internet Explorer). Since the affected control is not marked 'safe for scripting', attackers must exploit this issue in conjunction with zone-escalation or cross-zone scripting attacks.

G DATA Antivirus 2007 is vulnerable to this issue; other versions may also be affected.