Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2009-3735 | First vendor Publication | 2010-02-11 |
Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The ActiveScan Installer ActiveX control in as2stubie.dll before 1.3.3.0 in PandaActiveScan Installer 2.0 in Panda ActiveScan downloads software in an as2guiie.cab archive located at an arbitrary URL, and does not verify the archive's digital signature before installation, which allows remote attackers to execute arbitrary code via a URL argument to an unspecified method. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3735 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2010-02-10 | Name : Microsoft SMB Client Remote Code Execution Vulnerabilities (978251) File : nvt/secpod_ms10-006.nasl |
2010-02-10 | Name : Microsoft Data Analyzer ActiveX Control Vulnerability (978262) File : nvt/secpod_ms10-008.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
62267 | Panda ActiveScan as2stubie.dll ActiveX as2guiie.cab Archive Arbitrary Code Ex... |
Snort® IPS/IDS
Date | Description |
---|---|
2020-03-19 | Microsoft Windows Data Analyzer 3.5 ActiveX clsid access RuleID : 53118 - Revision : 1 - Type : BROWSER-PLUGINS |
2020-03-19 | Microsoft Windows Data Analyzer 3.5 ActiveX use-after-free attempt RuleID : 53117 - Revision : 1 - Type : BROWSER-PLUGINS |
2020-03-19 | Microsoft Windows Data Analyzer 3.5 ActiveX use-after-free attempt RuleID : 53116 - Revision : 1 - Type : BROWSER-PLUGINS |
2014-01-10 | Symantec WinFax Pro ActiveX heap buffer overflow attempt RuleID : 27208 - Revision : 4 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Data Analyzer 3.5 ActiveX clsid unicode access RuleID : 16420 - Revision : 5 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Windows Data Analyzer 3.5 ActiveX clsid access RuleID : 16419 - Revision : 15 - Type : BROWSER-PLUGINS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-02-09 | Name : The remote Windows host is missing an update that disables selected ActiveX c... File : smb_nt_ms10-008.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-11-28 23:09:25 |
|
2024-11-28 12:20:03 |
|
2021-05-04 12:10:22 |
|
2021-04-22 01:10:48 |
|
2020-05-23 00:24:29 |
|
2018-10-13 00:22:52 |
|
2016-04-26 19:12:55 |
|
2014-02-17 10:52:06 |
|
2013-05-10 23:59:50 |
|