[Full-disclosure] Panda Antivirus EoP (BID 25186)
edi.strosar at varnostne-novice.com
edi.strosar at varnostne-novice.com
Sat Aug 4 23:49:39 BST 2007
Hello list,
regarding BID 25186 (disclosed by tarkus)
http://www.securityfocus.com/bid/25186/
we discovered that Panda Antivirus 2007 is also vulnerable
to insecure file permission issue. Least privileged users
could elevate their privileges to Local System by renaming
and replacing any of the following files within Panda
installation directory:
pavsrv51.exe (Panda AV Service)
psimsvc.exe (Panda IManager Service)
psctrls.exe (Panda Software Controller)
Sincerelly,
Edi Strosar (Team Intell)
Full-Disclosure is hosted and sponsored by Secunia.