HTTP: Panda ActiveScan (PAVPZ.dll) Information Disclosure
This signature detects Web pages containing dangerous ActiveX Controls. A malicious Web site can exploit a known vulnerability in Panda ActiveScan and determine the presence of local files and the corresponding file sizes.
Extended Description
Panda ActiveScan ActiveX controls are prone to multiple remote vulnerabilities. Exploiting these issues allows remote attackers to execute arbitrary machine code in the context of applications using the affected ActiveX control, to cause denial-of-service conditions, and to determine the existence of files on targeted computers. Successful attacks may lead to the remote compromise of affected computers. Panda ActiveScan 5.53.00 is vulnerable to these issues; other versions may also be affected.
Affected Products
Panda activescan
References
BugTraq: 21132
CVE: CVE-2006-5966
URL: http://www.frsirt.com/english/advisories/2006/4536 http://secunia.com/secunia_research/2006-64/
Short Name
HTTP:STC:CLSID:ACTIVEX:PAVPZ
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
(PAVPZ.dll) ActiveScan CVE-2006-5966 Disclosure Information Panda bid:21132
Release Date
12/20/2006
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Panda
CVSS Score
6.4