Panda ActiveScan Activescan.1 ActiveX control code execution

pandaactivescan-activescan-code-execution (30319) The risk level is classified as High Risk

Description:

The Panda ActiveScan ActiveX control (ActiveScan.1) could allow a remote attacker to execute arbitrary code on the system, caused by an unspecified race condition in the Analizar method. A remote attacker could exploit this vulnerability to execute arbitrary code on the victim's system, if the attacker could persuade the victim to visit a malicious Web site.

Platforms Affected:

  • Panda Software, Panda ActiveScan prior to 5.54.01

Remedy:

Apply the patch for this vulnerability, available from the Panda ActiveScan Web site. See References.

Consequences:

Gain Access

References:

  • Panda ActiveScan Web page, Panda ActiveScan - Free online antivirus to combat viruses, spyware and other Internet threats at http://www.pandasoftware.com/products/ActiveScan.htm.
  • BID-21132: Panda ActiveScan ActiveX Controls Multiple Remote Vulnerabilities
  • CVE-2006-5967: Race condition in Panda ActiveScan 5.53.00, and other versions before 5.54.01, allows remote attackers to cause memory corruption and execute arbitrary code via unknown vectors related to multiple invocations of the Analizar method in the ActiveScan.1 ActiveX control, which is not thread safe.
  • SA21763: Panda ActiveScan Multiple Vulnerabilities
  • VUPEN/ADV-2006-4536: Panda ActiveScan Command Execution and Information Disclosure Vulnerabilities

Reported:

Nov 16, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net
