Friday, June 1, 2007

ActiveX Issue is Old News

Will Dorman over at CERT has discovered a buffer overflow vulnerability in an old version of our Command Antivirus engine.

It does not affect anyone using a current version of our product.

As CERT notes, the issue was resolved with the release of our 4.93.8 engine a year ago.

Note: Secunia has posted some incorrect information on their site. This vulnerability *does not* affect all 4x versions of our software, as Secunia's posting claims. We're working on getting them to rectify their post.

CERT's information advisory, which they published after extensive consultation with our team, is correct. Our thanks to Will Dorman and his team there for ensuring the right information was posted.

Bottom line: if you've updated your Command Antivirus software at least once in the past year, or are using a product delivered in the past year, you're fine. Robert Sandilands, our head Virus Researcher, has also posted on this subject on his blog here.
