header-logo
Suggest Exploit
vendor:
ActiveScan
by:
Karol Wiesek
9.3
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: ActiveScan
Affected Version From: 2
Affected Version To: 2
Patch Exists: YES
Related CWE: CVE-2008-2714
CPE: a:panda_software:activescan
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2008

Panda Security ActiveScan 2.0 Update Buffer Overflow

Panda Security ActiveScan 2.0 Update function contains a buffer overflow vulnerability. The vulnerability is caused due to a boundary error within the processing of the "update.ini" file. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into visiting a malicious web site.

Mitigation:

No known mitigation
Source

Exploit-DB raw data:

Author:  	Karol Wiesek <karol [at] wiesek {dizd0t} pl>
Homepage:	http://karol.wiesek.pl/

There exists two vulnerabilities in Panda Security ActiveScan 2.0 Update function.
1) typical overflow ( this exploit )
2) Update function allows to install any ( attacker suplied ) CABinet into victims system

Panda Security have not respond in any manner, thus i have no information of any patches, plans for patching ...

* UPDATE * 

Panda has patched newest version, so update will not connect to custom ( attacker supplied ) URL.

Exploit:
http://karol.wiesek.pl/files/panda.tgz
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/6004.tgz (2008-panda.tgz)

# milw0rm.com [2008-07-04]