Zenturi ProgramChecker versions 220.127.116.111 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the targeted user.
The vulnerability exists because the ProgramChecker ActiveX controls in sasatl.dll fail to perform sufficient boundary checking when they handle the DebugMsgLog(), DoFileProperties(), and Scan() methods. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to visit a malicious website. If the user visits the site, the attacker could execute arbitrary code on the system with the privileges of the user. Failed exploit attempts will likely result in a denial-of-service condition in the browser.
Exploit code is available.
The vendor has not publicly confirmed this vulnerability, and updates are not available.
US-CERT has released a vulnerability note: VU#603529
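With no vendor update available, a defender's first step is to find where the affected control is registered. The read-only PowerShell below is an added example, not part of the original advisory: it lists COM classes whose in-process server is sasatl.dll and reports whether the Internet Explorer kill bit (Compatibility Flags 0x400) is set for each. It assumes machine-wide registration under HKLM and hard-codes no CLSID, since the advisory gives none.

```powershell
# Added example: find COM classes served by sasatl.dll and report kill-bit state.
# Read-only. Assumes machine-wide (HKLM) registration; per-user HKCU entries are not checked.
$dllName = 'sasatl.dll'
$killBit = 0x400   # "Compatibility Flags" bit that stops Internet Explorer from loading a control

# 32-bit controls on 64-bit Windows register under WOW6432Node, so check both views.
$views = @(
    @{ Name   = 'native'
       Clsid  = 'HKLM:\SOFTWARE\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ Name   = '32-bit on 64-bit'
       Clsid  = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)

$results = foreach ($view in $views) {
    if (-not (Test-Path -LiteralPath $view.Clsid)) { continue }
    foreach ($clsidKey in Get-ChildItem -LiteralPath $view.Clsid -ErrorAction SilentlyContinue) {
        $inproc = Join-Path $clsidKey.PSPath 'InprocServer32'
        if (-not (Test-Path -LiteralPath $inproc)) { continue }

        # The default value of InprocServer32 holds the path of the DLL that implements the class.
        $server = (Get-Item -LiteralPath $inproc).GetValue('')
        if ($server -notlike "*$dllName*") { continue }

        # A missing compatibility key means no flags are set, so the control can be instantiated.
        $flags  = 0
        $compat = Join-Path $view.Compat $clsidKey.PSChildName
        if (Test-Path -LiteralPath $compat) {
            $flags = [int](Get-Item -LiteralPath $compat).GetValue('Compatibility Flags', 0)
        }

        [pscustomobject]@{
            View       = $view.Name
            CLSID      = $clsidKey.PSChildName
            Server     = $server
            KillBitSet = [bool]($flags -band $killBit)
        }
    }
}

if ($results) {
    $results | Format-Table -AutoSize
} else {
    Write-Output "No COM class registered with $dllName as its in-process server."
}
```

Any row with KillBitSet False identifies a control that Internet Explorer will still instantiate on that host.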