CVE-2009-3735

The ActiveScan Installer ActiveX control in as2stubie.dll before 1.3.3.0 in PandaActiveScan Installer 2.0 in Panda ActiveScan downloads software in an as2guiie.cab archive located at an arbitrary URL, and does not verify the archive's digital signature before installation, which allows remote attackers to execute arbitrary code via a URL argument to an unspecified method.

Published: Feb 11, 2010
Updated: Apr 13, 2023
CVE: CVE-2009-3735
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
panda / panda_activescan	2.0	2.0.x

http://secunia.com/advisories/38485
http://www.kb.cert.org/vuls/id/869993
http://www.kb.cert.org/vuls/id/MAPG-7QPKL3
http://www.securityfocus.com/bid/38067
http://www.vupen.com/english/advisories/2010/0354
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-008

Vulnerability Database

289,784

CVE-2009-3735