CVE-2007-4191 - Panda Antivirus 2008 stores service executables under the product's installation directory with weak

CVE-2007-4191

Summary

Panda Antivirus 2008 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying PAVSRV51.EXE or other unspecified files, a related issue to CVE-2006-4657.

References

Vulnerable Configurations

cpe:2.3:a:panda:panda_antivirus:2008:*:*:*:*:*:*:*
cpe:2.3:a:panda:panda_antivirus:2008:*:*:*:*:*:*:*

CVSS

Base:	6.9 (as of 15-10-2018 - 21:33)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	25186
bugtraq	20070802 Panda Antivirus 2008 Local Privileg Escalation (UPS they did it again) 20070919 RE: Panda Antivirus 2008 Local Privileg Escalation (UPS they did it again) 20070924 RE: Re[2]: [Full-disclosure] Panda Antivirus 2008 Local Privileg Escalation (UPS they did it again)
confirm	http://www.pandasecurity.com/homeusers/support/card?id=41111&idIdioma=2&ref=PAV08Dev
misc	https://tiifp.org/tarkus/advisories/panda030707.txt
sectrack	1018722
secunia	26336
sreason	2968
vupen	ADV-2007-2784

Last major update

15-10-2018 - 21:33

Published

08-08-2007 - 01:17

Last modified

15-10-2018 - 21:33