Unrated severityNVD Advisory· Published Feb 11, 2010· Updated Apr 29, 2026

CVE-2009-3735

Description

The ActiveScan Installer ActiveX control in as2stubie.dll before 1.3.3.0 in PandaActiveScan Installer 2.0 in Panda ActiveScan downloads software in an as2guiie.cab archive located at an arbitrary URL, and does not verify the archive's digital signature before installation, which allows remote attackers to execute arbitrary code via a URL argument to an unspecified method.

Affected products

Panda Project/Activescan
cpe:2.3:a:panda:panda_activescan:2.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/38485nvdVendor Advisory
www.vupen.com/english/advisories/2010/0354nvdVendor Advisory
www.kb.cert.org/vuls/id/869993nvdUS Government Resource
www.kb.cert.org/vuls/id/MAPG-7QPKL3nvd
www.securityfocus.com/bid/38067nvd
docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-008nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.006
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000