CVE-2009-3735Code Injection in Activescan

CWE-94Code Injection3 documents3 sources
Severity
9.3CRITICALNVD
EPSS
8.1%
top 7.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Panda Activescan
Timeline
PublishedFeb 11
Latest updateMay 2

Description

The ActiveScan Installer ActiveX control in as2stubie.dll before 1.3.3.0 in PandaActiveScan Installer 2.0 in Panda ActiveScan downloads software in an as2guiie.cab archive located at an arbitrary URL, and does not verify the archive's digital signature before installation, which allows remote attackers to execute arbitrary code via a URL argument to an unspecified method.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-m5q8-rhfq-gjv4: The ActiveScan Installer ActiveX control in as2stubie2022-05-02
CVEList
CVE-2009-3735: The ActiveScan Installer ActiveX control in as2stubie2010-02-11
CVE-2009-3735 — Code Injection in Panda Activescan | cvebase