The ActiveScan Installer ActiveX control in as2stubie.dll before 1.3.3.0 in PandaActiveScan Installer 2.0 in Panda ActiveScan downloads software in an as2guiie.cab archive located at an arbitrary URL, and does not verify the archive's digital signature before installation, which allows remote attackers to execute arbitrary code via a URL argument to an unspecified method.
References
Link | Resource |
---|---|
http://secunia.com/advisories/38485 | Vendor Advisory |
http://www.kb.cert.org/vuls/id/869993 | US Government Resource |
http://www.kb.cert.org/vuls/id/MAPG-7QPKL3 | |
http://www.securityfocus.com/bid/38067 | |
http://www.vupen.com/english/advisories/2010/0354 | Vendor Advisory |
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-008 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: certcc
Published: 2010-02-11T17:00:00
Updated: 2018-10-12T19:57:01
Reserved: 2009-10-22T00:00:00
Link: CVE-2009-3735
JSON object: View
NVD Information
Status : Modified
Published: 2010-02-11T17:30:00.610
Modified: 2018-10-12T21:56:09.770
Link: CVE-2009-3735
JSON object: View
Redhat Information
No data.
CWE