Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-3155Improper Restriction of Operations within the Bounds of a Memory Buffer in Activescan

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
25.9%
top 3.72%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Panda Activescan
Timeline
PublishedJul 11
Latest updateMay 1

Description

Stack-based buffer overflow in the ActiveX control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Update method.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-w6xh-7r58-f4hq: Stack-based buffer overflow in the ActiveX control (as2guiie2022-05-01
CVEList
CVE-2008-3155: Stack-based buffer overflow in the ActiveX control (as2guiie2008-07-11

💥Exploits & PoCs

1
Exploit-DB
Panda Security ActiveScan 2.0 (Update) - Remote Buffer Overflow2008-07-04
CVE-2008-3155 — Panda Activescan vulnerability | cvebase