CVE-2009-3735

Panda ActiveScan Installer 2.0 - Remote Code Execution via Unverified ActiveX Control Download


Description

The ActiveScan Installer ActiveX control in as2stubie.dll before 1.3.3.0 in PandaActiveScan Installer 2.0 in Panda ActiveScan downloads software in an as2guiie.cab archive located at an arbitrary URL, and does not verify the archive's digital signature before installation, which allows remote attackers to execute arbitrary code via a URL argument to an unspecified method.

References (6)

Core References
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0354
Third Party Advisory, US Government Resource x_refsource_misc
http://www.kb.cert.org/vuls/id/MAPG-7QPKL3
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/38067
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/869993
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38485

Scores

EPSS 0.0574
EPSS Percentile 92.1%

Details

CWE CWE-94
Status published
Products (1)
panda/panda_activescan 2.0
Published Feb 11, 2010
Tracked Since Feb 18, 2026