Will Dormann has reported some vulnerabilities in Zenturi ProgramChecker, which can be exploited by malicious people to compromise a user's system.
The vulnerabilities are caused by boundary errors in the Zenturi ProgramChecker ActiveX controls (sasatl.dll) when handling certain methods or properties (e.g. "DebugMsgLog()", "DoFileProperties()", "Scan()"). These can be exploited to cause buffer overflows when, for example, a user visits a malicious website.
Successful exploitation allows execution of arbitrary code.
Solution: Set the kill-bit for the affected ActiveX control.
Provided and/or discovered by: Will Dormann, CERT/CC
Original Advisory: US-CERT VU#603529
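One way to apply the kill-bit solution above, as an added example that is not part of the original advisory. The advisory lists no CLSIDs, so the script discovers them locally by assuming the controls are registered as in-process servers pointing at sasatl.dll; the registry location and the 0x400 flag are the standard Internet Explorer kill-bit mechanism.

```powershell
# Added example: find every COM class served by sasatl.dll and set its kill-bit.
# Run from an elevated prompt. The DLL name comes from the advisory; CLSIDs are
# discovered from the local registry (assumption: InprocServer32 registration).
$DllName = 'sasatl.dll'
$KillBit = 0x00000400   # "Compatibility Flags" bit that stops IE instantiating a control
$ClsidRoots = @(
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID'
)
$CompatRoots = @(
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-ControlClsid {
    param([string]$Dll)
    foreach ($root in $ClsidRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }   # no WOW6432Node on 32-bit Windows
        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            $server = Join-Path $key.PSPath 'InprocServer32'
            if (-not (Test-Path -LiteralPath $server)) { continue }
            $path = [string](Get-Item -LiteralPath $server).GetValue('')
            # Compare only the file name, ignoring quotes and directory
            if ($path -and (($path -split '[\\/]')[-1].Trim('"') -ieq $Dll)) {
                $key.PSChildName
            }
        }
    }
}

function Set-KillBit {
    param([string]$Clsid)
    foreach ($root in $CompatRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $key = Join-Path $root $Clsid
        if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
        # Preserve any flags already present and OR in the kill-bit
        $current = [int](Get-Item -LiteralPath $key).GetValue('Compatibility Flags', 0)
        New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
            -PropertyType DWord -Value ($current -bor $KillBit) -Force | Out-Null
    }
}

$clsids = @(Get-ControlClsid -Dll $DllName | Sort-Object -Unique)
if (-not $clsids) { Write-Warning "No COM class registered for $DllName was found." }
foreach ($c in $clsids) {
    Set-KillBit -Clsid $c
    Write-Output "Kill-bit set for $c"
}
```

Both the native and WOW6432Node views are written so that 32-bit and 64-bit Internet Explorer honour the setting.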