ID CVE-2007-3969 Type cve Reporter NVD Modified 2018-10-15T17:32:31
Description
Buffer overflow in Panda Antivirus before 20070720 allows remote attackers to execute arbitrary code via a crafted EXE file, resulting from an "Integer Cast Around."
{"openvas": [{"lastseen": "2018-01-02T10:54:24", "bulletinFamily": "scanner", "description": "Buffer overflow in Panda Antivirus before 20-07-2007\n allows remote attackers to execute arbitrary code\n via a crafted EXE file, resulting from an Integer Cast Around.", "modified": "2017-12-21T00:00:00", "published": "2010-07-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=102052", "id": "OPENVAS:102052", "title": "Panda Antivirus Buffer Overflow", "type": "openvas", "sourceData": "###################################################################\n# OpenVAS Vulnerability Test\n#\n# Panda Antivirus Buffer Overflow\n#\n# LSS-NVT-2010-041\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\ntag_solution = \"The vulnerability was reported on May 07 2007\n and an update has been issued on July 20 2007\n to solve this vulnerability through the regular update mechanism.\";\ntag_summary = \"Buffer overflow in Panda Antivirus before 20-07-2007\n allows remote attackers to execute arbitrary code\n via a crafted EXE file, resulting from an Integer Cast Around.\";\n\nif(description)\n{\n script_id(102052);\n script_version(\"$Revision: 8217 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 14:24:55 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-08 10:59:30 +0200 (Thu, 08 Jul 2010)\");\n script_cve_id(\"CVE-2007-3969\");\n script_bugtraq_id(24989);\n script_name(\"Panda Antivirus Buffer Overflow\");\n script_xref(name : \"URL\" , value : \"http://www.securityfocus.com/archive/1/archive/1/474247/100/0/threaded\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/26171\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"panda_av_update_detect.nasl\");\n script_mandatory_keys(\"Panda/AntiVirus/LastUpdate\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\ninclude (\"version_func.inc\"); #version checking library\n\nvuln = 0; #if vulnerable, vuln = 1\nvuln_update = \"20-07-2007\";\n#software not updated after this date is vulnerable\n\nif (!last_update = get_kb_item(\"Panda/AntiVirus/LastUpdate\")) exit(0);\n\n#This part of code converts the dates in a format that \n#is checkable using the version_func.inc constructs\nlast_update = ereg_replace(pattern:\"^(.*)-(.*)-(.*)$\",\n replace:\"\\3.\\2.\\1\",\n string:last_update);\n\nvuln_update = ereg_replace(pattern:\"^(.*)-(.*)-(.*)$\",\n replace:\"\\3.\\2.\\1\",\n string:vuln_update);\n \nvuln = version_is_less(version: last_update,\ntest_version:vuln_update);\n\nif(vuln)\n{\n security_message(0);\n exit(0);\n}\n\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-24T18:21:20", "bulletinFamily": "scanner", "description": "Buffer overflow in Panda Antivirus before 20-07-2007\n allows remote attackers to execute arbitrary code via a crafted EXE file, resulting from an Integer Cast Around.", "modified": "2018-09-22T00:00:00", "published": "2010-07-08T00:00:00", "id": "OPENVAS:1361412562310102052", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310102052", "title": "Panda Antivirus Buffer Overflow", "type": "openvas", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: panda_av_bof_vuln.nasl 11548 2018-09-22 11:43:02Z cfischer $\n#\n# Panda Antivirus Buffer Overflow\n#\n# LSS-NVT-2010-041\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.102052\");\n script_version(\"$Revision: 11548 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-22 13:43:02 +0200 (Sat, 22 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-08 10:59:30 +0200 (Thu, 08 Jul 2010)\");\n script_cve_id(\"CVE-2007-3969\");\n script_bugtraq_id(24989);\n script_name(\"Panda Antivirus Buffer Overflow\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/archive/1/archive/1/474247/100/0/threaded\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/26171\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"panda_av_update_detect.nasl\");\n script_mandatory_keys(\"Panda/AntiVirus/LastUpdate\");\n\n script_tag(name:\"solution\", value:\"The vulnerability was reported on May 07 2007\n and an update has been issued on July 20 2007 to solve this vulnerability through the regular update mechanism.\");\n\n script_tag(name:\"summary\", value:\"Buffer overflow in Panda Antivirus before 20-07-2007\n allows remote attackers to execute arbitrary code via a crafted EXE file, resulting from an Integer Cast Around.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nvuln_update = \"20-07-2007\";\n#software not updated after this date is vulnerable\n\nif (!last_update = get_kb_item(\"Panda/AntiVirus/LastUpdate\")) exit(0);\n\n#This part of code converts the dates in a format that\n#is checkable using the version_func.inc constructs\nlast_update = ereg_replace(pattern:\"^(.*)-(.*)-(.*)$\", replace:\"\\3.\\2.\\1\", string:last_update);\nvuln_update = ereg_replace(pattern:\"^(.*)-(.*)-(.*)$\", replace:\"\\3.\\2.\\1\", string:vuln_update);\n\nif(version_is_less(version: last_update, test_version:vuln_update)){\n security_message(port:0);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-01-16T20:07:24", "bulletinFamily": "scanner", "description": "The version of Panda Antivirus installed on the remote host reportedly\ncontains a buffer overflow in its file parsing engine. Using a\nspecially crafted EXE file, a remote attacker may be able to leverage\nthis issue to crash the affected application or to execute arbitrary\ncode.", "modified": "2018-11-15T00:00:00", "published": "2007-07-25T00:00:00", "id": "PANDA_EXE_FILE_PARSING_OVERFLOW.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=25764", "title": "Panda Antivirus EXE File Parsing Overflow", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25764);\n script_version(\"1.17\");\n\n script_cve_id(\"CVE-2007-3969\");\n script_bugtraq_id(24989);\n\n script_name(english:\"Panda Antivirus EXE File Parsing Overflow\");\n script_summary(english:\"Checks version of Panda Antivirus signatures\"); \n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has an application that is prone to a buffer\noverflow attack.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The version of Panda Antivirus installed on the remote host reportedly\ncontains a buffer overflow in its file parsing engine. Using a\nspecially crafted EXE file, a remote attacker may be able to leverage\nthis issue to crash the affected application or to execute arbitrary\ncode.\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/474247/30/0/threaded\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Use the Update feature to update the virus signatures to a version\nissued on or after July 20, 2007.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/07/25\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2007/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2007/07/20\");\n script_cvs_date(\"Date: 2018/11/15 20:50:28\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\",value:\"cpe:/a:pandasecurity:panda_antivirus\");\nscript_end_attributes();\n\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"panda_antivirus_installed.nasl\");\n script_require_keys(\"Antivirus/Panda/installed\", \"Antivirus/Panda/sigs\");\n\n exit(0);\n}\n\n\n# Get the signature database update for the target.\nsigs = get_kb_item(\"Antivirus/Panda/sigs\");\nif (!sigs) exit(0);\nif (sigs !~ \"^[0-9]+-[0-9]+-[0-9]+$\") exit(0);\n\n\n# There's a problem if the update is before 7-20-2007.\np = split(sigs, sep:\"-\", keep:FALSE);\nfor (i=0; i<max_index(p); i++)\n p[i] = int(p[i]);\n\nif (\n p[2] < 2007 ||\n (\n p[2] == 2007 &&\n (\n p[0] < 7 ||\n (p[0] == 7 && p[1] < 20)\n )\n )\n)\n{\n report = string(\n \"\\n\",\n \"The virus signatures currently on the remote host are dated \", sigs, \".\"\n );\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:33", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.pandasoftware.com/\nSecurity Tracker: 1018437\n[Secunia Advisory ID:26171](https://secuniaresearch.flexerasoftware.com/advisories/26171/)\nOther Advisory URL: http://www.nruns.com/[n.runs-SA-2007.019]%20-%20Panda%20Antivirus%20EXE%20parsing%20Arbitrary%20Code%20Execution%20Advisory.pdf\nOther Advisory URL: http://securityreason.com/securityalert/2920\nOther Advisory URL: http://www.nruns.com/[n.runs-SA-2007.019]%20-%20Panda%20Antivirus%20EXE%20parsing%20Arbitrary%20Code%20Execution%20Advisory.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-07/0226.html\nKeyword: n.runs-SA-2007.019\n[CVE-2007-3969](https://vulners.com/cve/CVE-2007-3969)\nBugtraq ID: 24989\n", "modified": "2007-07-20T19:11:32", "published": "2007-07-20T19:11:32", "href": "https://vulners.com/osvdb/OSVDB:37979", "id": "OSVDB:37979", "title": "Panda Antivirus EXE File Handling Overflow", "type": "osvdb", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}