{"id": "CVE-2007-3969", "bulletinFamily": "NVD", "title": "CVE-2007-3969", "description": "Buffer overflow in Panda Antivirus before 20070720 allows remote attackers to execute arbitrary code via a crafted EXE file, resulting from an \"Integer Cast Around.\"", "published": "2007-07-25T17:30:00", "modified": "2018-10-15T21:32:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3969", "reporter": "cve@mitre.org", "references": ["http://securityreason.com/securityalert/2920", "http://secunia.com/advisories/26171", "http://www.securitytracker.com/id?1018437", "http://www.securityfocus.com/bid/24989", "http://www.nruns.com/[n.runs-SA-2007.019]%20-%20Panda%20Antivirus%20EXE%20parsing%20Arbitrary%20Code%20Execution%20Advisory.pdf", "http://www.nruns.com/[n.runs-SA-2007.019]%20-%20Panda%20Antivirus%20EXE%20parsing%20Arbitrary%20Code%20Execution%20Advisory.txt", "http://www.securityfocus.com/archive/1/474247/100/0/threaded"], "cvelist": ["CVE-2007-3969"], "type": "cve", "lastseen": "2019-05-29T18:09:00", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "57daf58f298ca46209ef82867842c936"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "1ea572dd7582241ef5f315f4758437ff"}, {"key": "cpe23", "hash": "44b5106a642969eeeb0cc5669b7c158d"}, {"key": "cvelist", "hash": "55fa41c3015e1a190f857efc614f9ad7"}, {"key": "cvss", "hash": "d726e774add6189e33cf2ea0c61a2ba5"}, {"key": "cvss2", "hash": "b44904dff3e01e17a73d9c628f7c876d"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "b8a5bf279b1492b6ecb055870e26cf1b"}, {"key": "href", "hash": "3e8a4be861b89559f5bd1149dd0779a7"}, {"key": "modified", "hash": "2ae918a10e3c63fca011c10bfebf3711"}, {"key": "published", "hash": "4b712bdc24f2e2ecb93d4e6358432f55"}, {"key": "references", "hash": "12036a2d36d29147c074ca4a889467ff"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "7b22db76ac4dc777501a051052df278a"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "89aea1a9321b30b83f4da6dc3e1fee2b342c0d2b696b5ea795b049a3b8e2d253", "viewCount": 0, "enchantments": {"score": {"value": 8.2, "vector": "NONE", "modified": "2019-05-29T18:09:00"}, "dependencies": {"references": [{"type": "nessus", "idList": ["PANDA_EXE_FILE_PARSING_OVERFLOW.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310102052", "OPENVAS:102052"]}, {"type": "osvdb", "idList": ["OSVDB:37979"]}], "modified": "2019-05-29T18:09:00"}, "vulnersScore": 8.2}, "objectVersion": "1.3", "cpe": ["cpe:/a:panda:panda_antivirus:*"], "affectedSoftware": [{"name": "panda panda_antivirus", "operator": "eq", "version": "*"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:panda:panda_antivirus:*:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"]}

{"nessus": [{"lastseen": "2019-02-21T01:09:59", "bulletinFamily": "scanner", "description": "The version of Panda Antivirus installed on the remote host reportedly contains a buffer overflow in its file parsing engine. Using a specially crafted EXE file, a remote attacker may be able to leverage this issue to crash the affected application or to execute arbitrary code.", "modified": "2018-11-15T00:00:00", "id": "PANDA_EXE_FILE_PARSING_OVERFLOW.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=25764", "published": "2007-07-25T00:00:00", "title": "Panda Antivirus EXE File Parsing Overflow", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25764);\n script_version(\"1.17\");\n\n script_cve_id(\"CVE-2007-3969\");\n script_bugtraq_id(24989);\n\n script_name(english:\"Panda Antivirus EXE File Parsing Overflow\");\n script_summary(english:\"Checks version of Panda Antivirus signatures\"); \n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has an application that is prone to a buffer\noverflow attack.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The version of Panda Antivirus installed on the remote host reportedly\ncontains a buffer overflow in its file parsing engine. Using a\nspecially crafted EXE file, a remote attacker may be able to leverage\nthis issue to crash the affected application or to execute arbitrary\ncode.\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/474247/30/0/threaded\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Use the Update feature to update the virus signatures to a version\nissued on or after July 20, 2007.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/07/25\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2007/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2007/07/20\");\n script_cvs_date(\"Date: 2018/11/15 20:50:28\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\",value:\"cpe:/a:pandasecurity:panda_antivirus\");\nscript_end_attributes();\n\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"panda_antivirus_installed.nasl\");\n script_require_keys(\"Antivirus/Panda/installed\", \"Antivirus/Panda/sigs\");\n\n exit(0);\n}\n\n\n# Get the signature database update for the target.\nsigs = get_kb_item(\"Antivirus/Panda/sigs\");\nif (!sigs) exit(0);\nif (sigs !~ \"^[0-9]+-[0-9]+-[0-9]+$\") exit(0);\n\n\n# There's a problem if the update is before 7-20-2007.\np = split(sigs, sep:\"-\", keep:FALSE);\nfor (i=0; i<max_index(p); i++)\n p[i] = int(p[i]);\n\nif (\n p[2] < 2007 ||\n (\n p[2] == 2007 &&\n (\n p[0] < 7 ||\n (p[0] == 7 && p[1] < 20)\n )\n )\n)\n{\n report = string(\n \"\\n\",\n \"The virus signatures currently on the remote host are dated \", sigs, \".\"\n );\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2019-05-29T18:40:05", "bulletinFamily": "scanner", "description": "Buffer overflow in Panda Antivirus before 20-07-2007\n allows remote attackers to execute arbitrary code via a crafted EXE file, resulting from an Integer Cast Around.", "modified": "2018-09-22T00:00:00", "published": "2010-07-08T00:00:00", "id": "OPENVAS:1361412562310102052", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310102052", "title": "Panda Antivirus Buffer Overflow", "type": "openvas", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: panda_av_bof_vuln.nasl 11548 2018-09-22 11:43:02Z cfischer $\n#\n# Panda Antivirus Buffer Overflow\n#\n# LSS-NVT-2010-041\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.102052\");\n script_version(\"$Revision: 11548 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-22 13:43:02 +0200 (Sat, 22 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-08 10:59:30 +0200 (Thu, 08 Jul 2010)\");\n script_cve_id(\"CVE-2007-3969\");\n script_bugtraq_id(24989);\n script_name(\"Panda Antivirus Buffer Overflow\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/archive/1/archive/1/474247/100/0/threaded\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/26171\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"panda_av_update_detect.nasl\");\n script_mandatory_keys(\"Panda/AntiVirus/LastUpdate\");\n\n script_tag(name:\"solution\", value:\"The vulnerability was reported on May 07 2007\n and an update has been issued on July 20 2007 to solve this vulnerability through the regular update mechanism.\");\n\n script_tag(name:\"summary\", value:\"Buffer overflow in Panda Antivirus before 20-07-2007\n allows remote attackers to execute arbitrary code via a crafted EXE file, resulting from an Integer Cast Around.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nvuln_update = \"20-07-2007\";\n#software not updated after this date is vulnerable\n\nif (!last_update = get_kb_item(\"Panda/AntiVirus/LastUpdate\")) exit(0);\n\n#This part of code converts the dates in a format that\n#is checkable using the version_func.inc constructs\nlast_update = ereg_replace(pattern:\"^(.*)-(.*)-(.*)$\", replace:\"\\3.\\2.\\1\", string:last_update);\nvuln_update = ereg_replace(pattern:\"^(.*)-(.*)-(.*)$\", replace:\"\\3.\\2.\\1\", string:vuln_update);\n\nif(version_is_less(version: last_update, test_version:vuln_update)){\n security_message(port:0);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-02T10:54:24", "bulletinFamily": "scanner", "description": "Buffer overflow in Panda Antivirus before 20-07-2007\n allows remote attackers to execute arbitrary code\n via a crafted EXE file, resulting from an Integer Cast Around.", "modified": "2017-12-21T00:00:00", "published": "2010-07-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=102052", "id": "OPENVAS:102052", "title": "Panda Antivirus Buffer Overflow", "type": "openvas", "sourceData": "###################################################################\n# OpenVAS Vulnerability Test\n#\n# Panda Antivirus Buffer Overflow\n#\n# LSS-NVT-2010-041\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\ntag_solution = \"The vulnerability was reported on May 07 2007\n and an update has been issued on July 20 2007\n to solve this vulnerability through the regular update mechanism.\";\ntag_summary = \"Buffer overflow in Panda Antivirus before 20-07-2007\n allows remote attackers to execute arbitrary code\n via a crafted EXE file, resulting from an Integer Cast Around.\";\n\nif(description)\n{\n script_id(102052);\n script_version(\"$Revision: 8217 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 14:24:55 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-08 10:59:30 +0200 (Thu, 08 Jul 2010)\");\n script_cve_id(\"CVE-2007-3969\");\n script_bugtraq_id(24989);\n script_name(\"Panda Antivirus Buffer Overflow\");\n script_xref(name : \"URL\" , value : \"http://www.securityfocus.com/archive/1/archive/1/474247/100/0/threaded\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/26171\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"panda_av_update_detect.nasl\");\n script_mandatory_keys(\"Panda/AntiVirus/LastUpdate\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\ninclude (\"version_func.inc\"); #version checking library\n\nvuln = 0; #if vulnerable, vuln = 1\nvuln_update = \"20-07-2007\";\n#software not updated after this date is vulnerable\n\nif (!last_update = get_kb_item(\"Panda/AntiVirus/LastUpdate\")) exit(0);\n\n#This part of code converts the dates in a format that \n#is checkable using the version_func.inc constructs\nlast_update = ereg_replace(pattern:\"^(.*)-(.*)-(.*)$\",\n replace:\"\\3.\\2.\\1\",\n string:last_update);\n\nvuln_update = ereg_replace(pattern:\"^(.*)-(.*)-(.*)$\",\n replace:\"\\3.\\2.\\1\",\n string:vuln_update);\n \nvuln = version_is_less(version: last_update,\ntest_version:vuln_update);\n\nif(vuln)\n{\n security_message(0);\n exit(0);\n}\n\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:33", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.pandasoftware.com/\nSecurity Tracker: 1018437\n[Secunia Advisory ID:26171](https://secuniaresearch.flexerasoftware.com/advisories/26171/)\nOther Advisory URL: http://www.nruns.com/[n.runs-SA-2007.019]%20-%20Panda%20Antivirus%20EXE%20parsing%20Arbitrary%20Code%20Execution%20Advisory.pdf\nOther Advisory URL: http://securityreason.com/securityalert/2920\nOther Advisory URL: http://www.nruns.com/[n.runs-SA-2007.019]%20-%20Panda%20Antivirus%20EXE%20parsing%20Arbitrary%20Code%20Execution%20Advisory.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-07/0226.html\nKeyword: n.runs-SA-2007.019\n[CVE-2007-3969](https://vulners.com/cve/CVE-2007-3969)\nBugtraq ID: 24989\n", "modified": "2007-07-20T19:11:32", "published": "2007-07-20T19:11:32", "href": "https://vulners.com/osvdb/OSVDB:37979", "id": "OSVDB:37979", "title": "Panda Antivirus EXE File Handling Overflow", "type": "osvdb", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}