Full Disclosure mailing list archives
Panda Antivirus EoP (BID 25186)
From: <edi.strosar () varnostne-novice com>
Date: Sat, 04 Aug 2007 18:49:39 -0400
Hello list, regarding BID 25186 (disclosed by tarkus) http://www.securityfocus.com/bid/25186/ we discovered that Panda Antivirus 2007 is also vulnerable to insecure file permission issue. Least privileged users could elevate their privileges to Local System by renaming and replacing any of the following files within Panda installation directory: pavsrv51.exe (Panda AV Service) psimsvc.exe (Panda IManager Service) psctrls.exe (Panda Software Controller) Sincerelly, Edi Strosar (Team Intell) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Panda Antivirus EoP (BID 25186) edi.strosar (Aug 04)