A spokesman for Kaspersky said that version 126.96.36.199 fixed the ActiveX vulnerability.
"Contrary to the statements made in the article Kaspersky Lab was indeed aware of the issue and had issued a statement on 9 October, providing advise [sic] to users," the spokesman said in a written statement.
However, the update was released on the homepage of the company's website under the heading 'Kaspersky Lab announces the release of a new version of its free Kaspersky Online Scanner'.
Users only received news about the fix for the vulnerability, which Secunia rated 'highly critical', if they followed the link. This is despite a warning attached to the update.
"Kaspersky Lab strongly recommends that all Kaspersky Online Scanner users install the new version of the application," the announcement said.
Kaspersky 'was aware' of scanner flaw
By Matt Chapman on Oct 15, 2007 10:08AM