A spokesman for Kaspersky said that version 184.108.40.206 fixed the ActiveX vulnerability.
"Contrary to the statements made in the article Kaspersky Lab was indeed aware of the issue and had issued a statement on 9 October, providing advise [sic] to users," the spokesman said in a written statement.
However, the update was released on the homepage of the company's website under the heading 'Kaspersky Lab announces the release of a new version of its free Kaspersky Online Scanner'.
Users only received news about the fix for the vulnerability, which Secunia rated 'highly critical', if they followed the link. This is despite a warning attached to the update.
"Kaspersky Lab strongly recommends that all Kaspersky Online Scanner users install the new version of the application," the announcement said.
Kaspersky 'was aware' of scanner flaw
By Matt Chapman on Oct 15, 2007 10:08AM
Security firm Kaspersky was aware of the flaw in its online scanner and had issued a patch on 9 October, despite comments made to vnunet.com by its staff.
Got a news tip for our journalists? Share it with us anonymously here.