[NT] Panda ActiveScan Multiple Vulnerabilities
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 21 Nov 2006 12:32:07 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Panda ActiveScan Multiple Vulnerabilities
------------------------------------------------------------------------
SUMMARY
Panda ActiveScan is a "Free online antivirus to combat viruses, spyware
and other Internet threats". Secunia Research has discovered two
vulnerabilities and a weakness in Panda ActiveScan, which can be exploited
by malicious people to disclose system information, cause a DoS (Denial of
Service), and compromise a user's system.
DETAILS
Vulnerable Systems:
* Panda ActiveScan version 5.53.00
Immune Systems:
* Panda ActiveScan version 5.54.01
1) The "Reinicializar()" method in the "ActiveScan.1" ActiveX control
allows rebooting the system when invoked. This can be exploited by e.g. a
malicious website to reboot a user's system without any user confirmation.
2) The "ObtenerTamano()" method in the "PAVPZ.SOS.1" ActiveX control
returns the file size of a given local filename. This can be exploited by
e.g. a malicious website to determine the presence of local files and the
corresponding file sizes.
3) The "Analizar()" method in the "ActiveScan.1" ActiveX control is not
thread safe. This can be exploited by e.g. a malicious website via a race
condition to corrupt memory and execute arbitrary code.
Solution:
Update to version 5.54.01.
Time Table:
21/09/2006 - Vendor notified.
21/09/2006 - Vendor response.
11/10/2006 - Additional details provided to vendor.
03/11/2006 - Vendor issues fixed version.
16/11/2006 - Public disclosure.
ADDITIONAL INFORMATION
The information has been provided by Secunia Research.
The original article can be found at:
<http://secunia.com/secunia_research/2006-64/>
http://secunia.com/secunia_research/2006-64/
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Prev by Date: [NEWS] Verity Ultraseek Request Proxying Vulnerability
- Next by Date: [NT] MDaemon Insecure Default Directory Permissions
- Previous by thread: [NEWS] Verity Ultraseek Request Proxying Vulnerability
- Next by thread: [NT] MDaemon Insecure Default Directory Permissions
- Index(es):
Relevant Pages
|
|
