TUCoPS :: HP Unsorted M :: bt-21916.htm

Multiple Panda Security Products Local Privilege Escalation Vulnerability
{PRL} Multiple Panda Security Products Local Privilege Escalation Vulnerability
{PRL} Multiple Panda Security Products Local Privilege Escalation Vulnerability


#####################################################################################=0A=0AApplication:=A0 Panda Global Protection 2010=0A=A0=A0=A0 =A0 =A0 =A0 Panda Internet Security 2010=A0=A0=A0 =A0 =A0 =A0 =A0 =A0 =A0 =0A=0APlatforms:=A0 =A0 Windows XP Professional SP & windows Vista SP1=0A=0AExploitation: Local Privilege Escalation=0A=0ADate:=A0 =A0 =A0 =A0=A0=A02009-10-27=0A=0AAuthor:=A0 =A0 =A0=A0=A0Francis Provencher (Protek Research Lab's) =0A=0A=A0 =A0 =A0 =A0 =A0 =0A#####################################################################################=0A=0A1) Introduction=0A2) Technical details=0A3) The Code (N/A)=0A=0A=0A#####################################################################################=0A=0A================0A1) Introduction=0A================0A=0APanda Global Protection 2010=0AEnjoy total security and ensure information integrity.=0A=0AEnjoy optimum security and safeguard your valuable data with Panda Global Protection 2010. It protects you from viruses, spyware, =0A=0Arootkits, hackers, online fraud, identity theft and all other Internet threats. The anti-spam engine will keep your inbox free from =0A=0Ajunk mail while the Parental Control feature ensures your children can use the Web safely. You can also back up important files =0A=0A(documents, music, photos, etc.) to a CD/DVD or online and restore them in case of accidental loss or damage. =0A=0A(from Panda security website)=0A=0A=0A2009-10-27 Contact vendor (No response)=0A2009-10-29 Contact vendor (No response)=0A2009-10-30 Contact Vendor (Three strikes...out!)=0A=0A=0A#####################################################################################=0A=0A=============================0A2) Technical details =0A=============================0A=0APanda Global Protection 2010=0ABuild 3.01.00=0A=0APanda Internet Security 2010=0ABuild 15.01.00=0A=0AAll files under the install folder have Full control access for everyone and can be replace with malicious files.=0A=0A... snip ...=0A=0AC:\Program Files\Panda Security\Panda Global Protection 2010\PavFnSvr.exe Everyone:F=0A=0A... snip ...=0A=0AC:\>WHOAMI.EXE=0AFUZZYXP\test=0A=0AC:\>telnet 127.0.0.1 4444=0A=0A=0AC:\>WHOAMI.EXE=0AWHOAMI.EXE=0AAUTORITE NT\SYSTEM=0A=0A=0A=0A=0A=0A#####################################################################################=0A=0A============0A3) The Code=0A============0A=0AN\A=0A=0A=0A#####################################################################################=0A(PRL-2009-15)=0A=0A=0A=0A=0A __________________________________________________________________=0ALooking for the perfect gift? Give the gift of Flickr! =0A=0Ahttp://www.flickr.com/gift/

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH