Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-3156Activescan vulnerability

CWE-2644 documents4 sources
Severity
9.3CRITICALNVD
EPSS
12.9%
top 5.92%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Panda Activescan
Timeline
PublishedJul 11
Latest updateMay 1

Description

The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to download and execute arbitrary cabinet (CAB) files via unspecified URLs passed to the Update method.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-j459-p3wg-g3q2: The ActiveScan ActiveX Control (as2guiie2022-05-01
CVEList
CVE-2008-3156: The ActiveScan ActiveX Control (as2guiie2008-07-11

💥Exploits & PoCs

1
Exploit-DB
Panda Security ActiveScan 2.0 (Update) - Remote Buffer Overflow2008-07-04
CVE-2008-3156 — Panda Activescan vulnerability | cvebase