Search...

CVE-2007-3969

2007-07-25T13:30:00

ID CVE-2007-3969
Type cve
Reporter NVD
Modified 2018-10-15T17:32:31

Description

Buffer overflow in Panda Antivirus before 20070720 allows remote attackers to execute arbitrary code via a crafted EXE file, resulting from an "Integer Cast Around."

JSON Vulners Source

Initial Source

{"id": "CVE-2007-3969", "bulletinFamily": "NVD", "title": "CVE-2007-3969", "description": "Buffer overflow in Panda Antivirus before 20070720 allows remote attackers to execute arbitrary code via a crafted EXE file, resulting from an \"Integer Cast Around.\"", "published": "2007-07-25T13:30:00", "modified": "2018-10-15T17:32:31", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3969", "reporter": "NVD", "references": ["http://securityreason.com/securityalert/2920", "http://www.securitytracker.com/id?1018437", "http://www.securityfocus.com/bid/24989", "http://www.securityfocus.com/archive/1/474247/100/0/threaded"], "cvelist": ["CVE-2007-3969"], "type": "cve", "lastseen": "2018-10-16T10:51:37", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:panda:panda_antivirus"], "cvelist": ["CVE-2007-3969"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Buffer overflow in Panda Antivirus before 20070720 allows remote attackers to execute arbitrary code via a crafted EXE file, resulting from an \"Integer Cast Around.\"", "edition": 2, "enchantments": {"score": {"modified": "2018-08-14T11:46:11", "value": 9.3, "vector": "NONE"}}, "hash": "407a200f4e68648d541b3d388c8e84a520eaa5488f25c1778ba04e491d63fd5d", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "0d6c5ce0cba8ac8ab500a17c7ce743d9", "key": "published"}, {"hash": "721504ef2533a94e3bca957cb12c189f", "key": "modified"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "3e8a4be861b89559f5bd1149dd0779a7", "key": "href"}, {"hash": "ae4b9c09afe6112fca7b9d6274ae4d80", "key": "cpe"}, {"hash": "7b22db76ac4dc777501a051052df278a", "key": "title"}, {"hash": "0e644f05d03bb8c685d072a76b2aee47", "key": "references"}, {"hash": "b8a5bf279b1492b6ecb055870e26cf1b", "key": "description"}, {"hash": "55fa41c3015e1a190f857efc614f9ad7", "key": "cvelist"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3969", "id": "CVE-2007-3969", "lastseen": "2018-08-14T11:46:11", "modified": "2018-08-13T17:47:30", "objectVersion": "1.3", "published": "2007-07-25T13:30:00", "references": ["http://securityreason.com/securityalert/2920", "http://www.securitytracker.com/id?1018437", "http://www.securityfocus.com/bid/24989", "http://www.securityfocus.com/archive/1/archive/1/474247/100/0/threaded"], "reporter": "NVD", "scanner": [], "title": "CVE-2007-3969", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2018-08-14T11:46:11"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:panda:panda_antivirus"], "cvelist": ["CVE-2007-3969"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Buffer overflow in Panda Antivirus before 20070720 allows remote attackers to execute arbitrary code via a crafted EXE file, resulting from an \"Integer Cast Around.\"", "edition": 1, "enchantments": {"score": {"modified": "2016-09-03T09:14:55", "value": 9.3, "vector": "NONE"}}, "hash": "f6c12a2b920b36675c318f910aec118e7de8c633f33f09f1877ade441ae822b8", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "92947635514eaf826a605f005ae9c3fd", "key": "references"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "0d6c5ce0cba8ac8ab500a17c7ce743d9", "key": "published"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "3e8a4be861b89559f5bd1149dd0779a7", "key": "href"}, {"hash": "ae4b9c09afe6112fca7b9d6274ae4d80", "key": "cpe"}, {"hash": "7b22db76ac4dc777501a051052df278a", "key": "title"}, {"hash": "b8a5bf279b1492b6ecb055870e26cf1b", "key": "description"}, {"hash": "3f90bd15e8313ebf4337488ff1302756", "key": "modified"}, {"hash": "55fa41c3015e1a190f857efc614f9ad7", "key": "cvelist"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3969", "id": "CVE-2007-3969", "lastseen": "2016-09-03T09:14:55", "modified": "2008-09-10T20:57:27", "objectVersion": "1.2", "published": "2007-07-25T13:30:00", "references": ["http://www.nruns.com/%5Bn.runs-SA-2007.019%5D%20-%20Panda%20Antivirus%20EXE%20parsing%20Arbitrary%20Code%20Execution%20Advisory.pdf", "http://securityreason.com/securityalert/2920", "http://www.securitytracker.com/id?1018437", "http://www.nruns.com/%5Bn.runs-SA-2007.019%5D%20-%20Panda%20Antivirus%20EXE%20parsing%20Arbitrary%20Code%20Execution%20Advisory.txt", "http://www.securityfocus.com/bid/24989", "http://www.securityfocus.com/archive/1/archive/1/474247/100/0/threaded"], "reporter": "NVD", "scanner": [], "title": "CVE-2007-3969", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T09:14:55"}], "edition": 3, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "ae4b9c09afe6112fca7b9d6274ae4d80"}, {"key": "cvelist", "hash": "55fa41c3015e1a190f857efc614f9ad7"}, {"key": "cvss", "hash": "2076413bdcb42307d016f5286cbae795"}, {"key": "description", "hash": "b8a5bf279b1492b6ecb055870e26cf1b"}, {"key": "href", "hash": "3e8a4be861b89559f5bd1149dd0779a7"}, {"key": "modified", "hash": "2d20427e84c9d1c348935bfb10fb97b4"}, {"key": "published", "hash": "0d6c5ce0cba8ac8ab500a17c7ce743d9"}, {"key": "references", "hash": "3e4dcbf7cbe6c586be43690502c70d0e"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "7b22db76ac4dc777501a051052df278a"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "c3a15cb5a965753a71cd2cf781d2931f756776018e586a5a1cb8ab59892a05b9", "viewCount": 0, "enchantments": {"score": {"value": 9.3, "vector": "NONE", "modified": "2018-10-16T10:51:37"}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:102052", "OPENVAS:1361412562310102052"]}, {"type": "nessus", "idList": ["PANDA_EXE_FILE_PARSING_OVERFLOW.NASL"]}, {"type": "osvdb", "idList": ["OSVDB:37979"]}], "modified": "2018-10-16T10:51:37"}, "vulnersScore": 9.3}, "objectVersion": "1.3", "cpe": ["cpe:/a:panda:panda_antivirus"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}

{"openvas": [{"lastseen": "2018-01-02T10:54:24", "bulletinFamily": "scanner", "description": "Buffer overflow in Panda Antivirus before 20-07-2007\n allows remote attackers to execute arbitrary code\n via a crafted EXE file, resulting from an Integer Cast Around.", "modified": "2017-12-21T00:00:00", "published": "2010-07-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=102052", "id": "OPENVAS:102052", "title": "Panda Antivirus Buffer Overflow", "type": "openvas", "sourceData": "###################################################################\n# OpenVAS Vulnerability Test\n#\n# Panda Antivirus Buffer Overflow\n#\n# LSS-NVT-2010-041\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\ntag_solution = \"The vulnerability was reported on May 07 2007\n and an update has been issued on July 20 2007\n to solve this vulnerability through the regular update mechanism.\";\ntag_summary = \"Buffer overflow in Panda Antivirus before 20-07-2007\n allows remote attackers to execute arbitrary code\n via a crafted EXE file, resulting from an Integer Cast Around.\";\n\nif(description)\n{\n script_id(102052);\n script_version(\"$Revision: 8217 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 14:24:55 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-08 10:59:30 +0200 (Thu, 08 Jul 2010)\");\n script_cve_id(\"CVE-2007-3969\");\n script_bugtraq_id(24989);\n script_name(\"Panda Antivirus Buffer Overflow\");\n script_xref(name : \"URL\" , value : \"http://www.securityfocus.com/archive/1/archive/1/474247/100/0/threaded\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/26171\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"panda_av_update_detect.nasl\");\n script_mandatory_keys(\"Panda/AntiVirus/LastUpdate\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\ninclude (\"version_func.inc\"); #version checking library\n\nvuln = 0; #if vulnerable, vuln = 1\nvuln_update = \"20-07-2007\";\n#software not updated after this date is vulnerable\n\nif (!last_update = get_kb_item(\"Panda/AntiVirus/LastUpdate\")) exit(0);\n\n#This part of code converts the dates in a format that \n#is checkable using the version_func.inc constructs\nlast_update = ereg_replace(pattern:\"^(.*)-(.*)-(.*)$\",\n replace:\"\\3.\\2.\\1\",\n string:last_update);\n\nvuln_update = ereg_replace(pattern:\"^(.*)-(.*)-(.*)$\",\n replace:\"\\3.\\2.\\1\",\n string:vuln_update);\n \nvuln = version_is_less(version: last_update,\ntest_version:vuln_update);\n\nif(vuln)\n{\n security_message(0);\n exit(0);\n}\n\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-24T18:21:20", "bulletinFamily": "scanner", "description": "Buffer overflow in Panda Antivirus before 20-07-2007\n allows remote attackers to execute arbitrary code via a crafted EXE file, resulting from an Integer Cast Around.", "modified": "2018-09-22T00:00:00", "published": "2010-07-08T00:00:00", "id": "OPENVAS:1361412562310102052", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310102052", "title": "Panda Antivirus Buffer Overflow", "type": "openvas", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: panda_av_bof_vuln.nasl 11548 2018-09-22 11:43:02Z cfischer $\n#\n# Panda Antivirus Buffer Overflow\n#\n# LSS-NVT-2010-041\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.102052\");\n script_version(\"$Revision: 11548 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-22 13:43:02 +0200 (Sat, 22 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-08 10:59:30 +0200 (Thu, 08 Jul 2010)\");\n script_cve_id(\"CVE-2007-3969\");\n script_bugtraq_id(24989);\n script_name(\"Panda Antivirus Buffer Overflow\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/archive/1/archive/1/474247/100/0/threaded\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/26171\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"panda_av_update_detect.nasl\");\n script_mandatory_keys(\"Panda/AntiVirus/LastUpdate\");\n\n script_tag(name:\"solution\", value:\"The vulnerability was reported on May 07 2007\n and an update has been issued on July 20 2007 to solve this vulnerability through the regular update mechanism.\");\n\n script_tag(name:\"summary\", value:\"Buffer overflow in Panda Antivirus before 20-07-2007\n allows remote attackers to execute arbitrary code via a crafted EXE file, resulting from an Integer Cast Around.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nvuln_update = \"20-07-2007\";\n#software not updated after this date is vulnerable\n\nif (!last_update = get_kb_item(\"Panda/AntiVirus/LastUpdate\")) exit(0);\n\n#This part of code converts the dates in a format that\n#is checkable using the version_func.inc constructs\nlast_update = ereg_replace(pattern:\"^(.*)-(.*)-(.*)$\", replace:\"\\3.\\2.\\1\", string:last_update);\nvuln_update = ereg_replace(pattern:\"^(.*)-(.*)-(.*)$\", replace:\"\\3.\\2.\\1\", string:vuln_update);\n\nif(version_is_less(version: last_update, test_version:vuln_update)){\n security_message(port:0);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-01-16T20:07:24", "bulletinFamily": "scanner", "description": "The version of Panda Antivirus installed on the remote host reportedly\ncontains a buffer overflow in its file parsing engine. Using a\nspecially crafted EXE file, a remote attacker may be able to leverage\nthis issue to crash the affected application or to execute arbitrary\ncode.", "modified": "2018-11-15T00:00:00", "published": "2007-07-25T00:00:00", "id": "PANDA_EXE_FILE_PARSING_OVERFLOW.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=25764", "title": "Panda Antivirus EXE File Parsing Overflow", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25764);\n script_version(\"1.17\");\n\n script_cve_id(\"CVE-2007-3969\");\n script_bugtraq_id(24989);\n\n script_name(english:\"Panda Antivirus EXE File Parsing Overflow\");\n script_summary(english:\"Checks version of Panda Antivirus signatures\"); \n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has an application that is prone to a buffer\noverflow attack.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The version of Panda Antivirus installed on the remote host reportedly\ncontains a buffer overflow in its file parsing engine. Using a\nspecially crafted EXE file, a remote attacker may be able to leverage\nthis issue to crash the affected application or to execute arbitrary\ncode.\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/474247/30/0/threaded\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Use the Update feature to update the virus signatures to a version\nissued on or after July 20, 2007.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/07/25\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2007/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2007/07/20\");\n script_cvs_date(\"Date: 2018/11/15 20:50:28\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\",value:\"cpe:/a:pandasecurity:panda_antivirus\");\nscript_end_attributes();\n\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"panda_antivirus_installed.nasl\");\n script_require_keys(\"Antivirus/Panda/installed\", \"Antivirus/Panda/sigs\");\n\n exit(0);\n}\n\n\n# Get the signature database update for the target.\nsigs = get_kb_item(\"Antivirus/Panda/sigs\");\nif (!sigs) exit(0);\nif (sigs !~ \"^[0-9]+-[0-9]+-[0-9]+$\") exit(0);\n\n\n# There's a problem if the update is before 7-20-2007.\np = split(sigs, sep:\"-\", keep:FALSE);\nfor (i=0; i<max_index(p); i++)\n p[i] = int(p[i]);\n\nif (\n p[2] < 2007 ||\n (\n p[2] == 2007 &&\n (\n p[0] < 7 ||\n (p[0] == 7 && p[1] < 20)\n )\n )\n)\n{\n report = string(\n \"\\n\",\n \"The virus signatures currently on the remote host are dated \", sigs, \".\"\n );\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:33", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.pandasoftware.com/\nSecurity Tracker: 1018437\n[Secunia Advisory ID:26171](https://secuniaresearch.flexerasoftware.com/advisories/26171/)\nOther Advisory URL: http://www.nruns.com/[n.runs-SA-2007.019]%20-%20Panda%20Antivirus%20EXE%20parsing%20Arbitrary%20Code%20Execution%20Advisory.pdf\nOther Advisory URL: http://securityreason.com/securityalert/2920\nOther Advisory URL: http://www.nruns.com/[n.runs-SA-2007.019]%20-%20Panda%20Antivirus%20EXE%20parsing%20Arbitrary%20Code%20Execution%20Advisory.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-07/0226.html\nKeyword: n.runs-SA-2007.019\n[CVE-2007-3969](https://vulners.com/cve/CVE-2007-3969)\nBugtraq ID: 24989\n", "modified": "2007-07-20T19:11:32", "published": "2007-07-20T19:11:32", "href": "https://vulners.com/osvdb/OSVDB:37979", "id": "OSVDB:37979", "title": "Panda Antivirus EXE File Handling Overflow", "type": "osvdb", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}