彙總 panda 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
歷史漏洞主要涉及 緩衝區溢位、記憶體損壞、拒絕服務與跨站腳本 等問題,部分漏洞可能導致 記憶體損壞,並影響 生產負載與軟體部署 相關場景。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2009-3735 | The ActiveScan Installer ActiveX control in as2stubie.dll before 1.3.3.0 in PandaActiveScan Installer 2.0 in Panda ActiveScan downloads software in an as2guiie.cab archive located at an arbitrary URL, and does not verify the archive's digital signature before installation, which allows remote attackers to execute arbitrary code via a URL argument to an unspecified method. | [email protected] | 9.3 | 8.06% | 2010-02-11 | 2026-04-29 |
| CVE-2008-3156 | The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to download and execute arbitrary cabinet (CAB) files via unspecified URLs passed to the Update method. | [email protected] | 9.3 | 12.92% | 2008-07-11 | 2026-04-23 |
| CVE-2008-3155 | Stack-based buffer overflow in the ActiveX control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Update method. | [email protected] | 9.3 | 25.05% | 2008-07-11 | 2026-04-23 |
| CVE-2008-1471 | The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ Firewall 2008 allows local users to cause a denial of service (system crash or kernel panic), overwrite memory, or execute arbitrary code via a crafted IOCTL request that triggers an out-of-bounds write of kernel memory. | [email protected] | 7.2 | 0.26% | 2008-03-24 | 2026-04-23 |
| CVE-2007-4191 | Panda Antivirus 2008 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying PAVSRV51.EXE or other unspecified files, a related issue to CVE-2006-4657. | [email protected] | 6.9 | 0.09% | 2007-08-08 | 2026-04-23 |
| CVE-2007-3969 | Buffer overflow in Panda Antivirus before 20070720 allows remote attackers to execute arbitrary code via a crafted EXE file, resulting from an "Integer Cast Around." | [email protected] | 9.3 | 8.13% | 2007-07-25 | 2026-04-23 |
| CVE-2007-3026 | Integer overflow in Panda Software AdminSecure allows remote attackers to execute arbitrary code via crafted packets with modified length values to TCP ports 19226 or 19227, resulting in a heap-based buffer overflow. | [email protected] | 9.3 | 9.25% | 2007-07-25 | 2026-04-23 |
| CVE-2007-1673 | unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. | [email protected] | 7.8 | 1.42% | 2007-05-09 | 2026-04-23 |
| CVE-2007-1670 | Panda Software Antivirus before 20070402 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. | [email protected] | 7.8 | 1.94% | 2007-05-09 | 2026-04-23 |
| CVE-2006-5967 | Race condition in Panda ActiveScan 5.53.00, and other versions before 5.54.01, allows remote attackers to cause memory corruption and execute arbitrary code via unknown vectors related to multiple invocations of the Analizar method in the ActiveScan.1 ActiveX control, which is not thread safe. | [email protected] | 5.1 | 2.91% | 2006-11-17 | 2026-04-23 |
| CVE-2006-5966 | Panda ActiveScan 5.53.00, and other versions before 5.54.01, allows remote attackers to (1) reboot the system using the Reinicializar method in the ActiveScan.1 ActiveX control, or (2) determine arbitrary file existence and size via the ObtenerTamano method in the PAVPZ.SOS.1 ActiveX control. | [email protected] | 6.4 | 1.41% | 2006-11-17 | 2026-04-23 |
| CVE-2006-4659 | The Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses predictable URLs for the spam classification of each message, which allows remote attackers to cause Panda to classify arbitrary messages as spam via a web page that contains IMG tags with the predictable URLs. NOTE: this issue could also be regarded as a cross-site request forgery (CSRF) vulnerability. | [email protected] | 5.0 | 0.50% | 2006-09-09 | 2026-04-16 |
| CVE-2006-4658 | Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses sequential message numbers in generated URLs that are not filtered if the user replies to a message, which might allow remote attackers to determine mail usage patterns. | [email protected] | 5.0 | 0.56% | 2006-09-09 | 2026-04-16 |
| CVE-2006-4657 | Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying (1) WebProxy.exe or (2) PAVSRV51.EXE. | [email protected] | 7.2 | 0.04% | 2006-09-09 | 2026-04-16 |
| CVE-2006-4295 | Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ActiveScan 5.53.00 allows remote attackers to inject arbitrary web script or HTML via the email parameter. | [email protected] | 4.3 | 0.42% | 2006-08-23 | 2026-04-16 |
| CVE-2005-3922 | Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus library allows remote attackers to execute arbitrary code via a crafted ZOO archive. | [email protected] | 7.5 | 5.61% | 2005-11-30 | 2026-04-16 |
| CVE-2005-3380 | Multiple interpretation error in Panda Titanium 2005 4.02.01 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | [email protected] | 5.0 | 0.79% | 2005-10-30 | 2026-04-16 |
| CVE-2004-1905 | ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to cause a denial of service (crash) by calling the SetSitesFile function. | [email protected] | 5.0 | 0.92% | 2004-12-31 | 2026-04-16 |
| CVE-2004-1904 | Buffer overflow in ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to execute arbitrary code via the Internacional property followed by a long string. | [email protected] | 7.5 | 7.07% | 2004-12-31 | 2026-04-16 |
| CVE-2001-1149 | Panda Antivirus Platinum before 6.23.00 allows a remore attacker to cause a denial of service (crash) when a user selects an action for a malformed UPX packed executable file. | [email protected] | 5.0 | 0.48% | 2001-08-21 | 2026-04-16 |