CVE-2009-3735
Panda ActiveScan Installer 2.0 - Remote Code Execution via Unverified ActiveX Control Download
Title source: llmDescription
The ActiveScan Installer ActiveX control in as2stubie.dll before 1.3.3.0 in PandaActiveScan Installer 2.0 in Panda ActiveScan downloads software in an as2guiie.cab archive located at an arbitrary URL, and does not verify the archive's digital signature before installation, which allows remote attackers to execute arbitrary code via a URL argument to an unspecified method.
References (6)
Core 6
Core References
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0354
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-008
Third Party Advisory, US Government Resource x_refsource_misc
http://www.kb.cert.org/vuls/id/MAPG-7QPKL3
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/38067
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/869993
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/38485
Scores
EPSS
0.0574
EPSS Percentile
92.1%
Details
CWE
CWE-94
Status
published
Products (1)
panda/panda_activescan
2.0
Published
Feb 11, 2010
Tracked Since
Feb 18, 2026