Published: 11/07/2008 Updated: 29/09/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 935

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan prior to 1.02.00 allows remote malicious users to download and execute arbitrary cabinet (CAB) files via unspecified URLs passed to the Update method.

Vulnerable Product	Search on Vulmon	Subscribe to Product
panda panda activescan 2.0

Author: Karol Wiesek <karol [at] wiesek {dizd0t} pl> Homepage: karolwiesekpl/ There exists two vulnerabilities in Panda Security ActiveScan 20 Update function 1) typical overflow ( this exploit ) 2) Update function allows to install any ( attacker suplied ) CABinet into victims system Panda Security have not respond in any mann ...

CWE-264 NVD-CWE-noinfo http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063068.html http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063061.html http://karol.wiesek.pl/files/panda.tgz http://www.securityfocus.com/bid/30086 http://www.securitytracker.com/id?1020432 http://secunia.com/advisories/30841 http://www.vupen.com/english/advisories/2008/2008/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43587 https://www.exploit-db.com/exploits/6004 https://nvd.nist.gov https://www.exploit-db.com/exploits/6004/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-3156

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect