[Full-disclosure] Panda Antivirus EoP (BID 25186)

edi.strosar Sat, 04 Aug 2007 15:50:09 -0700

Hello list,

regarding BID 25186 (disclosed by tarkus)
http://www.securityfocus.com/bid/25186/


we discovered that Panda Antivirus 2007 is also vulnerable 
to insecure file permission issue. Least privileged users 
could elevate their privileges to Local System by renaming 
and replacing any of the following files within Panda 
installation directory:

pavsrv51.exe (Panda AV Service)
psimsvc.exe (Panda IManager Service)
psctrls.exe (Panda Software Controller)

Sincerelly,
Edi Strosar (Team Intell)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] Panda Antivirus EoP (BID 25186)

Reply via email to