CVE-2009-3735

Name of the Vulnerable Software and Affected Versions Panda ActiveScan versions prior to 1.3.3.0

Description The issue allows remote attackers to execute arbitrary code. This is due to the ActiveScan Installer ActiveX control not verifying the digital signature of an archive before installation. The archive is located at an arbitrary URL and can be accessed via a URL argument to an unspecified method.

Recommendations For versions prior to 1.3.3.0, update to version 1.3.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the as2stubie.dll ActiveX control until a patch is applied. Avoid using the ActiveScan Installer from untrusted sources to minimize the risk of exploitation.