Panda’s Online Scanner Contains Bugs and Hole
Secunia, the vulnerability assessment firm, announced on November 16, 2006 that it is tracking one flaw and two bugs in Panda Software's free online virus scanner. These could allow remote code execution, a DoS (Denial of Service) attack, or a full compromise of the user's system.
Panda ActiveScan is marketed as a powerful tool that can remove any of some 110,000 active viruses, worms or trojans from a computer system. According to a Secunia advisory, however, it has two vulnerabilities in its ActiveX control that could lead to a buffer overflow. Secunia rates the problem "highly critical".
Both vulnerabilities stem from memory corruption errors in the scanner's 'ActiveScan1' ActiveX control. The 'Reinicializar()' function reboots the computer without the user's permission. The 'Analizar()' function is also unsafe because it keeps multiple variables and pointers in shared memory areas; if the function is called repeatedly, it can corrupt memory and allow injected code to run. This is a race condition.
The third, less critical vulnerability results from an error in the 'ObtenerTamano()' function of the 'PAVPZ.SOS1' ActiveX component. It returns information about a given local file, which could help attackers determine which file versions reside on the system. PandaLabs has since issued updated ActiveX modules, which visitors can install from the site before running a scan with the online scanner.
Panda's product technology officer, Ryan Sherstobitoff, told SC Magazine that the flaws had been patched and that users could run the scan with confidence. He said that because the scanner is an online service, Panda Software developers were able to act quickly and patch the problem before it could affect a large number of users. Since the scanner executes online rather than residing on the PC, the chances of users absorbing an attack are limited; in fact, a widespread attack can be ruled out.
According to Sherstobitoff, no user has been affected by the flaws in the Active Scanner so far. Secunia recommends that users upgrade to ActiveScan version 5.54.01 to apply the fix for the Active Scanner flaws.
» SPAMfighter News - 21-11-2006