---------------------------------------------------------------------- To improve our services to our customers, we have made a number of additions to the Secunia Advisories and have started translating the advisories to German. The improvements will help our customers to get a better understanding of how we reached our conclusions, how it was rated, our thoughts on exploitation, attack vectors, and scenarios. This includes: * Reason for rating * Extended description * Extended solution * Exploit code or links to exploit code * Deep links Read the full description: http://corporate.secunia.com/products/48/?r=l Contact Secunia Sales for more information: http://corporate.secunia.com/how_to_buy/15/?r=l ---------------------------------------------------------------------- TITLE: Panda ActiveScan Multiple Vulnerabilities SECUNIA ADVISORY ID: SA21763 VERIFY ADVISORY: http://secunia.com/advisories/21763/ CRITICAL: Highly critical IMPACT: Exposure of system information, DoS, System access WHERE: >From remote SOFTWARE: Panda ActiveScan 5.x http://secunia.com/product/3341/ DESCRIPTION: Secunia Research has discovered two vulnerabilities and a weakness in Panda ActiveScan, which can be exploited by malicious people to disclose system information, cause a DoS (Denial of Service), and compromise a user's system. 1) The "Reinicializar()" method in the "ActiveScan.1" ActiveX control allows rebooting the system when invoked. This can be exploited by e.g. a malicious website to reboot a user's system without any user confirmation. 2) The "ObtenerTamano()" method in the "PAVPZ.SOS.1" ActiveX control returns the file size of a given local filename. This can be exploited by e.g. a malicious website to determine the presence of local files and the corresponding file sizes. 3) The "Analizar()" method in the "ActiveScan.1" ActiveX control is not thread safe. This can be exploited by e.g. a malicious website via a race condition to corrupt memory and execute arbitrary code. The vulnerabilities are confirmed in version 5.53.00. Other versions may also be affected. SOLUTION: Update to version 5.54.01. http://www.pandasoftware.com/products/ActiveScan.htm PROVIDED AND/OR DISCOVERED BY: Andreas Sandblad, Secunia Research. ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2006-64/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------