Description
The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to download and execute arbitrary cabinet (CAB) files via unspecified URLs passed to the Update method.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Karol Wiesek · textremotewindows
https://www.exploit-db.com/exploits/6004
References (9)
Core 9
Core References
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2008/references
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/30086
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/6004
Mailing List mailing-list
x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063061.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30841
Mailing List mailing-list
x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063068.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1020432
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43587
Exploit x_refsource_misc
http://karol.wiesek.pl/files/panda.tgz
Scores
EPSS
0.1292
EPSS Percentile
94.1%
Details
CWE
CWE-264
Status
published
Products (1)
panda/panda_activescan
2.0
Published
Jul 11, 2008
Tracked Since
Feb 18, 2026