Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Beta Programs
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
BugTraq
Back to list
|
Post reply
{PRL} Multiple Panda Security Products Local Privilege Escalation Vulnerability
Oct 31 2009 02:24PM
Protek Research Lab (protekresearchlab yahoo ca)
########################################################################
#############
Application: Panda Global Protection 2010
Panda Internet Security 2010
Platforms: Windows XP Professional SP & windows Vista SP1
Exploitation: Local Privilege Escalation
Date: 2009-10-27
Author: Francis Provencher (Protek Research Lab's)
########################################################################
#############
1) Introduction
2) Technical details
3) The Code (N/A)
########################################################################
#############
===============
1) Introduction
===============
Panda Global Protection 2010
Enjoy total security and ensure information integrity.
Enjoy optimum security and safeguard your valuable data with Panda Global Protection 2010. It protects you from viruses, spyware,
rootkits, hackers, online fraud, identity theft and all other Internet threats. The anti-spam engine will keep your inbox free from
junk mail while the Parental Control feature ensures your children can use the Web safely. You can also back up important files
(documents, music, photos, etc.) to a CD/DVD or online and restore them in case of accidental loss or damage.
(from Panda security website)
2009-10-27 Contact vendor (No response)
2009-10-29 Contact vendor (No response)
2009-10-30 Contact Vendor (Three strikes...out!)
########################################################################
#############
============================
2) Technical details
============================
Panda Global Protection 2010
Build 3.01.00
Panda Internet Security 2010
Build 15.01.00
All files under the install folder have Full control access for everyone and can be replace with malicious files.
... snip ...
C:\Program Files\Panda Security\Panda Global Protection 2010\PavFnSvr.exe Everyone:F
... snip ...
C:\>WHOAMI.EXE
FUZZYXP\test
C:\>telnet 127.0.0.1 4444
C:\>WHOAMI.EXE
WHOAMI.EXE
AUTORITE NT\SYSTEM
########################################################################
#############
===========
3) The Code
===========
N\A
########################################################################
#############
(PRL-2009-15)
__________________________________________________________________
Looking for the perfect gift? Give the gift of Flickr!
http://www.flickr.com/gift/
[ reply ]
Privacy Statement
Copyright 2009, SecurityFocus
#############
Application: Panda Global Protection 2010
Panda Internet Security 2010
Platforms: Windows XP Professional SP & windows Vista SP1
Exploitation: Local Privilege Escalation
Date: 2009-10-27
Author: Francis Provencher (Protek Research Lab's)
########################################################################
#############
1) Introduction
2) Technical details
3) The Code (N/A)
########################################################################
#############
===============
1) Introduction
===============
Panda Global Protection 2010
Enjoy total security and ensure information integrity.
Enjoy optimum security and safeguard your valuable data with Panda Global Protection 2010. It protects you from viruses, spyware,
rootkits, hackers, online fraud, identity theft and all other Internet threats. The anti-spam engine will keep your inbox free from
junk mail while the Parental Control feature ensures your children can use the Web safely. You can also back up important files
(documents, music, photos, etc.) to a CD/DVD or online and restore them in case of accidental loss or damage.
(from Panda security website)
2009-10-27 Contact vendor (No response)
2009-10-29 Contact vendor (No response)
2009-10-30 Contact Vendor (Three strikes...out!)
########################################################################
#############
============================
2) Technical details
============================
Panda Global Protection 2010
Build 3.01.00
Panda Internet Security 2010
Build 15.01.00
All files under the install folder have Full control access for everyone and can be replace with malicious files.
... snip ...
C:\Program Files\Panda Security\Panda Global Protection 2010\PavFnSvr.exe Everyone:F
... snip ...
C:\>WHOAMI.EXE
FUZZYXP\test
C:\>telnet 127.0.0.1 4444
C:\>WHOAMI.EXE
WHOAMI.EXE
AUTORITE NT\SYSTEM
########################################################################
#############
===========
3) The Code
===========
N\A
########################################################################
#############
(PRL-2009-15)
__________________________________________________________________
Looking for the perfect gift? Give the gift of Flickr!
http://www.flickr.com/gift/
[ reply ]