Panda ActiveScan Multiple Vulnerabilities
Secunia Advisory: SA21763 Release Date: 2006-11-16
Software: Panda ActiveScan 5.x
Critical: Highly critical
Impact: Exposure of system information; DoS; System access
Where: From remote
Solution Status: Unpatched
Secunia Research has discovered two vulnerabilities and a weakness in Panda ActiveScan, which can be exploited by malicious people to disclose system information, cause a DoS (Denial of Service), and compromise a user's system.
1) The "Reinicializar()" method in the "ActiveScan.1" ActiveX control allows rebooting the system when invoked. This can be exploited by e.g. a malicious website to reboot a user's system without any user confirmation.
2) The "ObtenerTamano()" method in the "PAVPZ.SOS.1" ActiveX control returns the file size of a given local filename. This can be exploited by e.g. a malicious website to determine the presence of local files and the corresponding file sizes.
3) The "Analizar()" method in the "ActiveScan.1" ActiveX control is not thread safe. This can be exploited by e.g. a malicious website via a race condition to corrupt memory and execute arbitrary code.
The vulnerabilities are confirmed in version 5.53.00. Other versions may also be affected.
Solution: Update to version 5.54.01.
Provided and/or discovered by: Andreas Sandblad, Secunia Research.
Original Advisory: Secunia Research: http://secunia.com/secunia_research/2006-64/