Full Disclosure mailing list archives

Panda Antivirus EoP (BID 25186)


From: <edi.strosar () varnostne-novice com>
Date: Sat, 04 Aug 2007 18:49:39 -0400

Hello list,

regarding BID 25186 (disclosed by tarkus)
http://www.securityfocus.com/bid/25186/

we discovered that Panda Antivirus 2007 is also vulnerable 
to an insecure file permission issue. Least privileged users 
could elevate their privileges to Local System by renaming 
and replacing any of the following files within the Panda 
installation directory:

pavsrv51.exe (Panda AV Service)
psimsvc.exe (Panda IManager Service)
psctrls.exe (Panda Software Controller)

Sincerely,
Edi Strosar (Team Intell)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
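
An audit for the permission weakness described in the message above, as an added example that is not part of the original post or of any vendor tooling. It assumes the three executables are registered as Windows services and that only SYSTEM, Administrators and TrustedInstaller should hold write-type access; the function name Get-RiskyAce is hypothetical.

```powershell
# Added example: report ACEs that let an unprivileged principal rename or
# replace a service binary. Executable names are taken from the advisory.
$targets = 'pavsrv51.exe', 'psimsvc.exe', 'psctrls.exe'

# Assumption: these are the only principals expected to hold write access.
$trusted = 'S-1-5-18',        # Local System
           'S-1-5-32-544',    # BUILTIN\Administrators
           'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464' # TrustedInstaller

# Rights sufficient to rename, replace or re-ACL a file, plus the raw
# GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) bits.
$riskyMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership' -bor 0x10000000 -bor 0x40000000

function Get-RiskyAce {
    param([string]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($trusted -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $riskyMask) -eq 0) { continue }
        [pscustomobject]@{
            Path   = $Path
            Sid    = $ace.IdentityReference.Value
            Rights = $ace.FileSystemRights
        }
    }
}

Get-CimInstance Win32_Service | ForEach-Object {
    # PathName may be quoted and may carry arguments; keep only the .exe path.
    if ($_.PathName -match '^\s*"?([^"]+?\.exe)') {
        $exe = $Matches[1]
        if ($targets -contains (Split-Path $exe -Leaf)) {
            Get-RiskyAce $exe                          # the binary itself
            Get-RiskyAce (Split-Path $exe -Parent)     # its directory: rename/create rights live here too
        }
    }
}
```

Any row returned for a non-administrative SID, such as S-1-5-32-545 (Users) or S-1-1-0 (Everyone), indicates the condition the advisory describes. The parent directory is checked as well because delete-child or add-file rights there permit the same rename-and-replace even when the file's own ACL is tight.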

