ScriptHelper ActiveX Control Vulnerability in AVG Secure Search Toolbar
CVE-2014-2956

Currently unrated

Key Information:

Vendor

Avg

Status
Safeguard
Secure Search Toolbar
Vendor
CVE Published:
8 July 2014

What is CVE-2014-2956?

The ScriptHelperApi component of the AVG ScriptHelper ActiveX control in ScriptHelper.exe lacks proper domain-based access control. This flaw enables remote attackers to exploit the vulnerability by crafting malicious web content that triggers the downloading and execution of arbitrary programs without user consent. Users of AVG Secure Search toolbar prior to version 18.1.7.598 and AVG Safeguard prior to version 18.1.7.644 are particularly at risk and should update their software to safeguard against potential attacks.

References

http://www.kb.cert.org/vuls/id/960193
third-party-advisoryx_refsource_CERT-VN

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.