EIP-2026-116035

PRE-CVE

Panda ActiveScan 5.0 - 'ascontrol.dll' Denial of Service

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-116035. PoCs published by Rafel Ivgi The-Insider.

AI-analyzed exploit summary This exploit demonstrates a denial of service vulnerability in Panda ActiveScan 5.0 by invoking the 'SetSitesFile' method with an invalid URL, causing Internet Explorer to crash. The PoC uses VBScript to create an 'ASControls.InstallEngineCtl.1' object and trigger the vulnerability.

Description

Panda ActiveScan 5.0 - 'ascontrol.dll' Denial of Service

Exploits (1)

exploitdb WORKING POC VERIFIED

by Rafel Ivgi The-Insider · textdoswindows

https://www.exploit-db.com/exploits/23918

View Code ZIP pw:eip

This exploit demonstrates a denial of service vulnerability in Panda ActiveScan 5.0 by invoking the 'SetSitesFile' method with an invalid URL, causing Internet Explorer to crash. The PoC uses VBScript to create an 'ASControls.InstallEngineCtl.1' object and trigger the vulnerability.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Panda ActiveScan 5.0

No auth needed

Prerequisites: Victim must visit a webpage hosting the malicious script · Internet Explorer must be used to execute the script

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026