According to a report from Homeland Security, the AVG Secure Search toolbar includes an ActiveX control that provides several unsafe methods that could allow a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user. That means they can download whatever they want onto your computer and take control of it. Ironically, the toolbar is intended to protect you from malware.

This vulnerability appears to impact Internet Explorer users only. Typically, a hacker will trick a user into going to an HTML page or opening a document that will download malicious code. This is a so-called “drive-by download” and is a common method of delivering malware that enables the hackers to commit financial fraud against the victim.

AVG Secure Search is a toolbar add-on for web browsers that includes an ActiveX control called ScriptHelperApi, provided by ScriptHelper.exe. This control does not enforce restrictions on which sites may invoke its methods, so any website can invoke the methods exposed by the ScriptHelper ActiveX control. The control is excluded from the Internet Explorer Protected Mode sandbox and bypasses the Explorer opt-in safeguard.


Users with the AVG toolbar should either remove it or upgrade to the latest version immediately.
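
To check whether a machine still carries the control described above, the following read-only PowerShell audit can be used. It is an added example, not code from AVG or from the report. It assumes the control is registered as an out-of-process COM server (LocalServer32) pointing at ScriptHelper.exe and that the Protected Mode and opt-in exemptions use Internet Explorer's standard registry locations; the article gives no CLSID, so the script discovers it.

```powershell
# Added example: read-only audit for the ScriptHelper.exe control described in the article.
$exe   = 'ScriptHelper.exe'                               # executable name from the article
$views = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'   # 64-bit and 32-bit registry views

function Get-ScriptHelperClsid {
    # COM classes whose out-of-process server (LocalServer32) is ScriptHelper.exe (assumption)
    foreach ($view in $views) {
        $root = "$view\Classes\CLSID"
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root -ErrorAction SilentlyContinue) {
            $sub = $key.OpenSubKey('LocalServer32')
            if ($null -eq $sub) { continue }
            $cmd = [string]$sub.GetValue('')              # default value = server command line
            $sub.Close()
            if ($cmd -like "*$exe*") { [pscustomobject]@{ Clsid = $key.PSChildName; Server = $cmd } }
        }
    }
}

function Get-IeExposure([string[]]$Clsid) {
    foreach ($view in $views) {
        # ActiveX Opt-In: pre-approved controls run without the first-use prompt
        foreach ($id in $Clsid) {
            $pre = "$view\Microsoft\Windows\CurrentVersion\Ext\PreApproved\$id"
            if (Test-Path -LiteralPath $pre) { [pscustomobject]@{ Check = 'PreApproved'; Key = $pre; Detail = $id } }
        }
        # Protected Mode: an elevation policy of 3 starts the process at medium integrity silently
        $ep = "$view\Microsoft\Internet Explorer\Low Rights\ElevationPolicy"
        if (-not (Test-Path $ep)) { continue }
        foreach ($key in Get-ChildItem $ep -ErrorAction SilentlyContinue) {
            if ($key.GetValue('AppName') -like $exe -or $Clsid -contains $key.GetValue('CLSID')) {
                [pscustomobject]@{ Check = 'ElevationPolicy'; Key = $key.Name; Detail = "Policy=$($key.GetValue('Policy'))" }
            }
        }
    }
}

$classes = @(Get-ScriptHelperClsid | Sort-Object Clsid -Unique)
if ($classes.Count -eq 0) {
    "No COM class served by $exe is registered on this host."
} else {
    $classes | Format-Table -AutoSize
    Get-IeExposure -Clsid $classes.Clsid | Format-Table -AutoSize
}
```

Any row in the output means the toolbar's helper is still installed; after removing or upgrading the toolbar, rerun the script to confirm the entries are gone or point at the updated binary.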