[<prev] [next>] [day] [month] [year] [list]
Message-ID: <53F4777E.608@portcullis-security.com>
Date: Wed, 20 Aug 2014 11:25:02 +0100
From: Portcullis Advisories <advisories@...tcullis-security.com>
To: bugtraq@...urityfocus.com, moderators@...db.org,
fulldisclosure@...lists.org, vuln@...unia.com
Subject: [FD] CVE-2014-5307 - Privilege Escalation in Panda Security Products
Vulnerability title: Privilege Escalation in Panda Security
CVE: CVE-2014-5307
Vendor: Panda Security
Product: Multiple
Affected version: Panda 2014 Products
Fixed version: Hotfix hft131306s24_r1
Reported by: Kyriakos Economou
Details:
Latest, and possibly earlier builds, of the PavTPK.sys kernel mode
driver of Panda Security software suffer from a heap overflow bug that
allows any user to elevate their privileges through an IOCTL request and
execute code as SYSTEM by controlling the EIP via a corrupted kernel object.
This driver is loaded into kernel memory during boot time and stays
resident without touching the disk later.
All Panda Security products using the faulty driver were found to be
vulnerable.
Further details at:
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5307/
Copyright:
Copyright (c) Portcullis Computer Security Limited 2014, All rights
reserved worldwide. Permission is hereby granted for the electronic
redistribution of this information. It is not to be edited or altered in
any way without the express written consent of Portcullis Computer
Security Limited.
Disclaimer:
The information herein contained may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties, implied or otherwise, with regard to this information
or its use. Any use of this information is at the user's risk. In no
event shall the author/distributor (Portcullis Computer Security
Limited) be held liable for any damages whatsoever arising out of or in
connection with the use or spread of this information.
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists