[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Panda Antivirus EoP (BID 25186)



Hello list,

regarding BID 25186 (disclosed by tarkus)
http://www.securityfocus.com/bid/25186/

we discovered that Panda Antivirus 2007 is also vulnerable 
to insecure file permission issue. Least privileged users 
could elevate their privileges to Local System by renaming 
and replacing any of the following files within Panda 
installation directory:

pavsrv51.exe (Panda AV Service)
psimsvc.exe (Panda IManager Service)
psctrls.exe (Panda Software Controller)

Sincerelly,
Edi Strosar (Team Intell)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/