CVE-2008-3156
Panda Security ActiveScan 2.0 (Update) - Remote Buffer Overflow
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to download and execute arbitrary cabinet (CAB) files via unspecified URLs passed to the Update method.
El control ActiveX ActiveScan (as2guiie.dll) de Panda ActiveScan versiones anteriores a 1.02.00 permite a atacantes remotos descargar y ejecutar ficheros cabinet (CAB) de su elección a través de URLs no especificadas pasando por el método Update.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-07-11 CVE Reserved
- 2008-07-11 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2024-08-23 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063061.html | Mailing List | |
| http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063068.html | Mailing List | |
| http://www.securityfocus.com/bid/30086 | Vdb Entry | |
| http://www.securitytracker.com/id?1020432 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2008/2008/references | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43587 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/6004 | 2024-08-07 | |
| http://karol.wiesek.pl/files/panda.tgz | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/30841 | 2017-09-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Panda Search vendor "Panda" | Panda Activescan Search vendor "Panda" for product "Panda Activescan" | 2.0 Search vendor "Panda" for product "Panda Activescan" and version "2.0" | - |
Affected
| ||||||