CVE-2009-3735: Code Injection
First published: Thu Feb 11 2010(Updated: )
The ActiveScan Installer ActiveX control in as2stubie.dll before 1.3.3.0 in PandaActiveScan Installer 2.0 in Panda ActiveScan downloads software in an as2guiie.cab archive located at an arbitrary URL, and does not verify the archive's digital signature before installation, which allows remote attackers to execute arbitrary code via a URL argument to an unspecified method.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Panda Panda activescan | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2009-3735?
CVE-2009-3735 is considered a critical vulnerability due to its ability to allow remote code execution without proper verification.
How do I fix CVE-2009-3735?
To fix CVE-2009-3735, ensure you update the Panda ActiveScan software to version 1.3.3.0 or later, which addresses the vulnerability.
What types of attacks can CVE-2009-3735 facilitate?
CVE-2009-3735 can facilitate remote attacks by allowing malicious software to be downloaded and executed without verification.
Which versions of Panda ActiveScan are affected by CVE-2009-3735?
CVE-2009-3735 affects Panda ActiveScan version 2.0 prior to 1.3.3.0.
Is there a workaround for CVE-2009-3735?
A temporary workaround for CVE-2009-3735 may involve disabling the ActiveX control until the software can be updated.
- agent/type
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/panda
- canonical/panda panda activescan
- version/panda panda activescan/2.0