Description
The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to download and execute arbitrary cabinet (CAB) files via unspecified URLs passed to the Update method.
Affected products
- panda / panda_activescan2.0 – 2.0
References
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2008/2008/references
- MISChttp://www.securityfocus.com/bid/30086
- EXPLOIThttps://www.exploit-db.com/exploits/6004
- MAILING_LISThttp://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063061.html
- VENDOR_ADVISORYhttp://secunia.com/advisories/30841
- MAILING_LISThttp://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063068.html
- MISChttp://www.securitytracker.com/id?1020432
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/43587
- MISChttp://karol.wiesek.pl/files/panda.tgz