CVE-2005-3922
CVE-2005-3922 is a high-severity vulnerability in Panda Panda Activescan with a CVSS 2.0 base score of 7.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: High (CVSS 2.0 base score 7.5)
- EPSS exploit prediction: 6% (92nd percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Panda Panda Activescan
- Published:
- Last modified:
Description
Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus library allows remote attackers to execute arbitrary code via a crafted ZOO archive.
Frequently asked questions
- What is CVE-2005-3922?
- Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus library allows remote attackers to execute arbitrary code via a crafted ZOO archive.
- How severe is CVE-2005-3922?
- CVE-2005-3922 has a CVSS 2.0 base score of 7.5, rated high severity.
- Is CVE-2005-3922 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 6% (92nd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2005-3922?
- CVE-2005-3922 primarily affects Panda Panda Activescan. In total, 20 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2005-3922?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2005-3922 published?
- CVE-2005-3922 was published on 2005-11-30 and last updated on 2026-06-16.
References
- http://secunia.com/advisories/17765
- http://securityreason.com/securityalert/216
- http://securitytracker.com/id?1015295
- http://www.osvdb.org/21256
- http://www.rem0te.com/public/images/panda.pdf
- http://www.securityfocus.com/archive/1/418096/100/0/threaded
- http://www.securityfocus.com/bid/15616
- http://www.vupen.com/english/advisories/2005/2666
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23276
Affected products (20)
- cpe:2.3:a:panda:panda_activescan:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:panda:panda_antivirus:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:panda:panda_antivirus_platinum:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:panda:panda_businessecure_antivirus:*:*:*:*:*:*:*:*
- cpe:2.3:a:panda:panda_clientshield_with_truprevent_technologies:*:*:*:*:*:*:*:*
- cpe:2.3:a:panda:panda_enterprisecure_with_truprevent_technologies:*:*:*:*:*:*:*:*
- cpe:2.3:a:panda:panda_exchangesecure:*:*:*:*:*:*:*:*
- cpe:2.3:a:panda:panda_filesecure:*:*:*:*:*:*:*:*
- cpe:2.3:a:panda:panda_filesecure_with_truprevent_technologies:*:*:*:*:*:*:*:*
- cpe:2.3:a:panda:panda_gatedefender:*:*:*:*:*:*:*:*
- cpe:2.3:a:panda:panda_isa_secure:*:*:*:*:*:*:*:*
- cpe:2.3:a:panda:panda_panda_enterprisecure_antivirus:*:*:*:*:*:*:*:*
- cpe:2.3:a:panda:panda_platinum_2006_internet_security:*:*:*:*:*:*:*:*
- cpe:2.3:a:panda:panda_security:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:panda:panda_titanium:*:*:*:*:*:*:*:*
- cpe:2.3:a:panda:panda_titanium_2005_antivirus:*:*:*:*:*:*:*:*
- cpe:2.3:a:panda:panda_titanium_2006_antivirus_\+_antispyware:*:*:*:*:*:*:*:*
- cpe:2.3:a:panda:panda_truprevent_personal:2005:*:*:*:*:*:*:*
- cpe:2.3:a:panda:panda_truprevent_personal:2006:*:*:*:*:*:*:*
- cpe:2.3:a:panda:panda_webadmin:*:*:*:*:*:*:*:*
More vulnerabilities in Panda Panda Activescan
- CVE-2009-3735 — Critical (CVSS 9.3): The ActiveScan Installer ActiveX control in as2stubie.dll before 1.3.3.0 in PandaActiveScan Installer 2.0 in Panda…
- CVE-2008-3155 — Critical (CVSS 9.3): Stack-based buffer overflow in the ActiveX control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote…
- CVE-2008-3156 — Critical (CVSS 9.3): The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to download…
- CVE-2007-1670 — High (CVSS 7.8): Panda Software Antivirus before 20070402 allows remote attackers to cause a denial of service (infinite loop) via a ZOO…
- CVE-2006-4295 — Medium (CVSS 4.3): Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ActiveScan 5.53.00 allows remote attackers to inject…