Vulnerability Details CVE-2014-2956
ScriptHelperApi in the AVG ScriptHelper ActiveX control in ScriptHelper.exe in AVG Secure Search toolbar before 18.1.7.598 and AVG Safeguard before 18.1.7.644 does not implement domain-based access control for method calls, which allows remote attackers to trigger the downloading and execution of arbitrary programs via a crafted web site.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.017
EPSS Ranking 81.5%
CVSS Severity
CVSS v2 Score 9.3
Products affected by CVE-2014-2956
-
cpe:2.3:a:avg:safeguard:18.1.7
-
cpe:2.3:a:avg:secure_search_toolbar:18.1.7