[Full-disclosure] Panda Antivirus 2008 Local Privileg Escalation (UPS they did it again)

[3APA3A]

Dear Panda Security Response,


 secure at pandasoftware.com was contacted about this same vulnerability in
 Panda  Antivirus  2007  on August, 11 2006 (more than year ago) without
 any results and response, until information was published in Bugtraq.

 As  far,  as  I  can  see, pandasecurity.com is Swedish domain of Panda
 while  pandasoftware.com  is  international  one.  I believe it's quite
 reasonable   to   have  secure at pandasoftware.com  to  be  forwarded  to
 secure at pandasecurity.com, don't you think so?


--Thursday, September 20, 2007, 12:58:42 AM, you wrote to full-disclosure at lists.grok.org.uk:

 

PSR> Users of vulnerable 2007 versions should upgrade to Panda Antivirus
PSR> 2008 and apply the fix provided.

<skipped>

PSR> For future vulnerability reporting to Panda please write specifically
PSR> and exclusively to "Panda Security Response"
PSR> <secure at pandasecurity.com> instead of generic beta or informational
PSR> contact mailboxes.

<skipped>

PSR> blog:  http://research.pandasoftware.com

-- 
~/ZARAZA http://securityvulns.com/
Да, ему чертовски повезло. Эх и паршиво б ему пришлось если бы он выжил! (Твен)