N/A

The ActiveScan Installer ActiveX control in as2stubie.dll before 1.3.3.0 in PandaActiveScan Installer 2.0 in Panda ActiveScan downloads software in an as2guiie.cab archive located at an arbitrary URL, and does not verify the archive's digital signature before installation, which allows remote attackers to execute arbitrary code via a URL argument to an unspecified method.

N/A

N/A

Panda ActiveScan 'as2stubie.dll' ActiveX 控件远程代码执行漏洞

Panda ActiveScan是熊猫的免费在线病毒扫描工具。 其中的ActiveX 控件远程代码执行漏洞。位于任意URL的as2guiie.cab存档文件中的Panda ActiveScan下载软件的安装程序PandaActiveScan Installer中，其动态库as2stubie.dll中的控件ActiveScan Installer ActiveX 在安装时没有检查存档的数字签名，远程攻击者可以通过指向未明方法的URL参数，执行任意代码。

N/A

N/A