----------------------------------------------------------------------

TITLE:
Panda ActiveScan "as2stubie.dll" Unverified CAB Installation

SECUNIA ADVISORY ID:
SA38485

VERIFY ADVISORY:
http://secunia.com/advisories/38485/

DESCRIPTION:
A vulnerability has been reported in Panda ActiveScan, which can be
exploited by malicious people to compromise a user's system.

The vulnerability is caused by the as2stubie.dll ActiveX control
downloading and installing the as2guiie.cab archive without
verification. This can be exploited to download and execute arbitrary
programs by tricking a user into visiting a malicious website.

The vulnerability is reported in as2stubie.dll versions prior to
1.3.3.0.

SOLUTION:
Visit the ActiveScan website to install updated components:
http://www.pandasecurity.com/activescan/

The vulnerability is also fixed for Internet Explorer via Microsoft
MS10-008 patches, by setting the kill-bit for the affected ActiveX
control.

PROVIDED AND/OR DISCOVERED BY:
Will Dormann, CERT/CC

ORIGINAL ADVISORY:
US-CERT VU#869993:
http://www.kb.cert.org/vuls/id/869993

OTHER REFERENCES:
Microsoft (KB978262):
http://www.microsoft.com/technet/security/Bulletin/MS10-008.mspx

----------------------------------------------------------------------
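A host check for the two fixes named under SOLUTION, as an added example that is not part of the Secunia advisory: it compares the installed as2stubie.dll against 1.3.3.0 and reads the Internet Explorer kill-bit for the control. The DLL path and the control's CLSID are assumptions supplied by the caller, since the advisory gives neither.

```powershell
# Added example, not from the advisory. Run in Windows PowerShell on the host.
param(
    [Parameter(Mandatory)] [string] $DllPath,  # install location of as2stubie.dll (caller supplies)
    [Parameter(Mandatory)] [string] $Clsid     # control CLSID in '{...}' form (not given in the advisory)
)

$fixedVersion = [version]'1.3.3.0'  # versions prior to this are affected, per the advisory
$killBit      = 0x400               # kill-bit value in the "Compatibility Flags" DWORD

# Build the version from its numeric parts; the FileVersion string is free-form.
$info    = (Get-Item -LiteralPath $DllPath -ErrorAction Stop).VersionInfo
$version = New-Object System.Version $info.FileMajorPart, $info.FileMinorPart,
                                     $info.FileBuildPart, $info.FilePrivatePart

# 64-bit and 32-bit Internet Explorer each read their own registry view.
$roots = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
         'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'

$killBitState = foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }  # view absent on 32-bit Windows
    $key   = Join-Path $root $Clsid
    $flags = $null
    if (Test-Path -LiteralPath $key) {
        $flags = (Get-ItemProperty -LiteralPath $key).'Compatibility Flags'
    }
    [pscustomobject]@{
        Key        = $key
        Flags      = if ($null -ne $flags) { '0x{0:X8}' -f $flags } else { 'not set' }
        KillBitSet = ($null -ne $flags) -and (($flags -band $killBit) -ne 0)
    }
}

$belowFixed  = $version -lt $fixedVersion
$unprotected = @($killBitState | Where-Object { -not $_.KillBitSet })

# One summary object per host: exposed in IE only if the DLL is old AND
# at least one registry view lacks the kill-bit.
[pscustomobject]@{
    File              = $DllPath
    FileVersion       = $version
    BelowFixedVersion = $belowFixed
    KillBitMissingIn  = $unprotected.Key -join '; '
    NeedsAction       = $belowFixed -and ($unprotected.Count -gt 0)
}
```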