Panda Security ActiveScan "as2stubie.dll" File Download Vulnerability

Last Update Date: 28 Jan 2011 Release Date: 11 Feb 2010 5219 Views

RISK: Medium Risk

Medium Risk

A vulnerability has been identified in Panda Security ActiveScan, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused by an error in the "as2stubie.dll" component that fails to validate the digital signature of the "as2guiie.cab" component when downloaded, which can be exploited by attackers to download and execute arbitrary code by tricking a user into visiting a malicious web page.

Impact

  • Remote Code Execution

System / Technologies affected

  • Panda Security ActiveScan version 2.0 (as2stubie.dll versions prior to 1.3.3.0)

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Visit the ActiveScan website to install updated components:
    - http://www.pandasecurity.com/activescan/
  • Note: The vulnerability is also fixed for Internet Explorer via Microsoft MS10-008 patches, by setting the kill-bit for the affected ActiveX control.

Vulnerability Identifier

Source

Related Link

Share with

Previous

HP OpenView Network Node Manager Arbitrary Command Execution Vulnerability

11 Feb 2010 5178 Views

Next

HP OpenView Network Node Manager Java JDK / JRE Multiple Vulnerabilities

11 Feb 2010 5229 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY