Skip to main content

Panda Security ActiveScan "as2stubie.dll" File Download Vulnerability

Last Update Date: 28 Jan 2011 Release Date: 11 Feb 2010 5409 Views

RISK: Medium Risk

A vulnerability has been identified in Panda Security ActiveScan, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused by an error in the "as2stubie.dll" component that fails to validate the digital signature of the "as2guiie.cab" component when downloaded, which can be exploited by attackers to download and execute arbitrary code by tricking a user into visiting a malicious web page.


Impact

  • Remote Code Execution

System / Technologies affected

  • Panda Security ActiveScan version 2.0 (as2stubie.dll versions prior to 1.3.3.0)

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Visit the ActiveScan website to install updated components:
    - http://www.pandasecurity.com/activescan/
  • Note: The vulnerability is also fixed for Internet Explorer via Microsoft MS10-008 patches, by setting the kill-bit for the affected ActiveX control.


Vulnerability Identifier


Source


Related Link