Panda ActiveScan Remote Buffer Overflow and Arbitrary CAB File Installation Vulnerabilities

Bugtraq ID:	30086
Class:	Unknown
CVE:	CVE-2008-3156 CVE-2008-3155
Remote:	Yes
Local:	No
Published:	Jul 04 2008 12:00AM
Updated:	Jul 06 2016 02:17PM
Credit:	Karol Wiesek
Vulnerable:	Panda ActiveScan 2.0
Not Vulnerable:

Panda ActiveScan Remote Buffer Overflow and Arbitrary CAB File Installation Vulnerabilities

Panda ActiveScan is prone to a buffer-overflow vulnerability and an arbitrary CAB file installation vulnerability.

Successful exploits allow attackers to execute arbitrary code within the context of the affected application. This facilitates the remote compromise of affected computers.

These issues affect Panda ActiveScan 2.0; other versions may also be affected.

Panda ActiveScan Remote Buffer Overflow and Arbitrary CAB File Installation Vulnerabilities

The following exploit code is available:

• /data/vulnerabilities/exploits/panda.tgz

Panda ActiveScan Remote Buffer Overflow and Arbitrary CAB File Installation Vulnerabilities

Solution:
The vendor has provided fixes in the latest production version of the ActiveX control. Users of affected packages should contact the vendor for more information on obtaining and applying fixes.

Panda ActiveScan Remote Buffer Overflow and Arbitrary CAB File Installation Vulnerabilities

References:

• [Full-disclosure] Panda ActiveScan 2.0 remote code execution (Karol Wiesek)
  
• [Full-disclosure] Panda ActiveScan 2.0 remote code execution (Panda Security Response)
  
• Panda ActiveScan Homepage (Panda)