Notified:  April 21, 2008 Updated: October 14, 2008

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

This vulnerability is addressed in version 3 of the System Requirements Lab software. This version is available on the systemrequirementlab.com web server. This version of the ActiveX control restricts which domains can call the methods provided by the control. The primary ActiveX version of the software has also been disabled in Internet Explorer with the update for Microsoft Security Advisory (956391). Note that this update does not prevent the vulnerable Java version of the control from being used, nor does it disable every vulnerable version of the ActiveX control. Please see the CERT/CC Vulnerability Analysis Blog for more details about vulnerable Java applets.