From "The SANS Institute Security Vulnerability Alert"

(4) MODERATE: BitDefender Scan Online Remote Code Execution
Affected: BitDefender Scan Online, assumed current version

Description: BitDefender Scan Online is a web-based anti-virus solution,
which claims to scan a client's computer for over 70,000 viruses and
trojans. The software installs an ActiveX object,
"AVXSCANONLINE.AvxScanOnlineCtrl.1", on a client's computer. This
ActiveX object contains a remote code execution vulnerability. A
malicious web page or an HTML email can invoke the ActiveX object's
"RequestFile" method to download and execute arbitrary code on the
client computer. The code would execute at the privilege level of the
currently logged-on user. A proof-of-concept exploit has been posted.

Status: Vendor confirmed, update available. Clients who have scanned
their systems online using BitDefender should upgrade to the new version
of the ActiveX control.