CVE-2008-3156

Опубликовано: 11 июл. 2008

Источник: nvd

CVSS2: 9.3

EPSS Средний

Описание

The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to download and execute arbitrary cabinet (CAB) files via unspecified URLs passed to the Update method.

Ссылки

http://karol.wiesek.pl/files/panda.tgz
Exploit
http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063061.html
http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063068.html
http://secunia.com/advisories/30841
Vendor Advisory
http://www.securityfocus.com/bid/30086
http://www.securitytracker.com/id?1020432
http://www.vupen.com/english/advisories/2008/2008/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/43587
https://www.exploit-db.com/exploits/6004
http://karol.wiesek.pl/files/panda.tgz
Exploit
http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063061.html
http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063068.html
http://secunia.com/advisories/30841
Vendor Advisory
http://www.securityfocus.com/bid/30086
http://www.securitytracker.com/id?1020432
http://www.vupen.com/english/advisories/2008/2008/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/43587
https://www.exploit-db.com/exploits/6004

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:panda:panda_activescan:2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.12922

Средний

9.3 Critical

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-j459-p3wg-g3q2

github

почти 4 года назад