<http://www.ravantivirus.com/index.php> RAV Online Scanning is "a free
antivirus scanner for internet users. It is run on the user's browsers as
an ActiveX".
The ActiveX file called ravonline.dll has a function named
browseForFolder() that can be overflowed by passing a very long string as
an argument. Since the function browseForFolder() is imported from
Shell32.dll, so it looks like the problem maybe lay in the Shell32.dll and
not in the ActiveX itself however users that use RAV Online Scanning are
still vulnerable to the overflow.
DETAILS
Workaround:
Delete the ActiveX (ravonline.dll) in the "Downloaded Program Files" in
your Windows Directory.
Vendor status:
The vendor has been notified of the issue, no response have been received
until now.
ADDITIONAL INFORMATION
The information has been provided by <mailto:trihuynh@zeeup.com> Tri
Huynh.
--
JacK
<http://www.ravantivirus.com/index.php> RAV Online Scanning is "a free antivirus scanner for internet users. It is run on the user's browsers as an ActiveX".
The ActiveX file called ravonline.dll has a function named browseForFolder() that can be overflowed by passing a very long string as an argument. Since the function browseForFolder() is imported from Shell32.dll, so it looks like the problem maybe lay in the Shell32.dll and not in the ActiveX itself however users that use RAV Online Scanning are still vulnerable to the overflow.
Le propriétaire de RAV devrait le signaler à Microsoft :-D
Roland Garcia
On en parlait dernièrement : les AV online utilisant un activeX ...
<http://www.ravantivirus.com/index.php> RAV Online Scanning is "a free
antivirus scanner for internet users. It is run on the user's browsers as
an ActiveX".
The ActiveX file called ravonline.dll has a function named
browseForFolder() that can be overflowed by passing a very long string as
an argument. Since the function browseForFolder() is imported from
Shell32.dll, so it looks like the problem maybe lay in the Shell32.dll and
not in the ActiveX itself however users that use RAV Online Scanning are
still vulnerable to the overflow.
Le propriétaire de RAV devrait le signaler à Microsoft :-D
<http://www.ravantivirus.com/index.php> RAV Online Scanning is "a free antivirus scanner for internet users. It is run on the user's browsers as an ActiveX".
The ActiveX file called ravonline.dll has a function named browseForFolder() that can be overflowed by passing a very long string as an argument. Since the function browseForFolder() is imported from Shell32.dll, so it looks like the problem maybe lay in the Shell32.dll and not in the ActiveX itself however users that use RAV Online Scanning are still vulnerable to the overflow.
Le propriétaire de RAV devrait le signaler à Microsoft :-D