CVE-2009-3735 - Code Injection vulnerability in Panda ActiveScan 2.0
The ActiveScan Installer ActiveX control in as2stubie.dll before 220.127.116.11 in PandaActiveScan Installer 2.0 in Panda ActiveScan downloads software in an as2guiie.cab archive located at an arbitrary URL, and does not verify the archive's digital signature before installation, which allows remote attackers to execute arbitrary code via a URL argument to an unspecified method.
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Manipulating User-Controlled Variables: This attack targets user-controlled variables (DEBUG=1, PHP globals, and so forth). An attacker can override environment variables by leveraging user-supplied, untrusted query variables that are used directly on the application server without any data sanitization. In extreme cases, the attacker can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.
| Field | Value |
|---|---|
| NASL family | Windows : Microsoft Bulletins |
| description | The Microsoft Data Analyzer ActiveX control has a remote code execution vulnerability. The system may also have one or more vulnerable third-party ActiveX controls installed. A remote attacker could exploit these issues by tricking a user into requesting a maliciously crafted web page, resulting in arbitrary code execution. |
| reporter | This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. |
| title | MS10-008: Cumulative Security Update of ActiveX Kill Bits (978262) |