Monday27 March 2023

Unpatched AVG SafeSearch Leaves Users Open to Script Exploits

Reading time is around minutes.

There is nothing like finding out that the application you bought to keep you safe on the internet can actually be used to insert malicious code. Well this is what AVG Secure Search toolbar users are finding out this morning as news of a vulnerability has hit the web. According to the report from CERT version 18.1.6 and older of AVG Secure Search and AVG SafeGuard install an Active X control that is just bad news.

“This control does not internally enforce any restrictions on which sites may invoke its methods”  This means that once installed the active X control called ScriptHelperApi can allow any web site to run malicious code on your system through this Api. To make a bad thing just a little worse CERT is saying that the ScriptHelper API is also on the pre-approved list of ActiveX controls. This list allows it to bypass a security feature in IE that is designed specifically to prevent scripts from executing without a user’s permission. Oh yeah, it also runs from IE Protected Mode…

Fortunately AVG has already patched this flaw in newer versions of the toolbar (18.17.598 and, but it appears that the toolbar does not update automatically. This means that there are still many people that are exposed to this flaw and vulnerable to malicious or poisoned websites. If you are using this toolbar we highly recommend updating it, or simply removing it. As CERT researcher Will Dormann this flaw represents one of the biggest issues with third party software (especially free software). In far too many cases that “free software” you are downloading and installing has components that can adversely affect your system.

Just about every “free” application comes with extra goodies. It is how the developers keep them free. Even companies Like Adobe, Oracle (Java) and Microsoft will shove extras at you during the installation of their applications that might put your computer at risk. It is very important to watch for these during the install process and opt-out if you can. If you can’t, perhaps you might not want to just skip that application.

Read the full alert from CERT

Tell us what you think in our Forum

Last modified on Friday, 11 July 2014 08:19

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.