eEye Digital Security has discovered a critical remote code execution condition within OScan8.ocx and Oscan81.ocx, included by default in BitDefender Online Anti-Virus Scanner 8.0, released on May 24th 2006. OScan.ocx is the main ActiveX component of BitDefender's Anti-Virus Scanner and is initialized by Internet Explorer or any other ActiveX-compatible product. Once initialized, it generates the scanner's GUI and handles all user-issued commands. OScan.ocx also has an internal website verification system intended to prevent the ActiveX control from being initialized outside of an authorized domain. Unfortunately, due to a lack of data sanitization, OScan.ocx can be forced to initialize in an unsafe domain, where it can be manipulated to corrupt arbitrary memory locations with user-supplied values. This memory corruption could lead to arbitrary code execution or denial of service conditions.
http://www.securiteam.com/windowsntf...B00L1PKAK.html