Release date: 2008-07-04
Updated: 2008-07-08
Affected systems:
Panda ActiveScan 2.0
Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 30086
Panda ActiveScan is Panda's free online virus scanning tool.
The ActiveScan 2.0 AV Class ActiveX control (as2guiie.dll) does not properly validate input supplied to the Update() method. If a user is tricked into visiting a malicious web page that passes a malicious parameter to this method, this triggers a stack overflow or installs an arbitrary cabinet file on the user's system.
<* Source: Karol Wiesek (appelast@ bsquad.sm.pl)
Link: http://secunia.com/advisories/30841/
*>
Test method:
--------------------------------------------------------------------------------
Warning
The following procedure (method) may be offensive in nature and is provided only for security research and teaching. Use it at your own risk!
http://milw0rm.com/sploits/2008-panda.tgz
Recommendation:
--------------------------------------------------------------------------------
Vendor patch:
Panda
-----
The vendor has already released an updated version that fixes this security problem. Download it from the vendor's page:
http://www.pandasecurity.com/activescan
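
To confirm on a Windows host whether the control is still registered, the following added example (not part of the original advisory or of Panda's tooling) lists COM registrations that load as2guiie.dll, with the file version and Internet Explorer kill-bit state. The advisory gives neither the CLSID nor the fixed version, so the script discovers the CLSID from the registry and only reports the version it finds; the function names are hypothetical.

```powershell
# Added example: inventory COM registrations that load as2guiie.dll and
# report whether the IE kill bit is set for each CLSID found.
$DllName = 'as2guiie.dll'   # file name given in the advisory
$KillBit = 0x400            # "Compatibility Flags" bit that blocks a control in IE
$ClsidRoots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID',
    'HKCU:\SOFTWARE\Classes\CLSID'
)
$CompatRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Test-KillBit {
    # True if the kill bit is set for this CLSID in either registry view.
    param([string]$Clsid)
    foreach ($root in $CompatRoots) {
        $key = Join-Path $root $Clsid
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $flags = (Get-ItemProperty -LiteralPath $key).'Compatibility Flags'
        if ($null -ne $flags -and ($flags -band $KillBit)) { return $true }
    }
    return $false
}

function Find-ControlRegistration {
    param([string]$Dll = $DllName)
    foreach ($root in $ClsidRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($clsidKey in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
            $inproc = $clsidKey.OpenSubKey('InprocServer32')
            if ($null -eq $inproc) { continue }
            $server = [string]$inproc.GetValue('')   # default value holds the DLL path
            $inproc.Close()
            if ($server -notlike "*$Dll*") { continue }
            $file = $server.Trim('"')
            [pscustomobject]@{
                Clsid       = $clsidKey.PSChildName
                Server      = $server
                FileVersion = if (Test-Path -LiteralPath $file) { (Get-Item -LiteralPath $file).VersionInfo.FileVersion } else { $null }
                KillBitSet  = Test-KillBit -Clsid $clsidKey.PSChildName
            }
        }
    }
}

Find-ControlRegistration | Format-Table -AutoSize
```

No output means no registration referencing the DLL was found in the searched hives.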