The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Panda Internet Security

vulnerability alert CVE-2017-5565 CVE-2017-5566 CVE-2017-5567

Antivirus: privilege escalation via Microsoft Application Verifier

Synthesis of the vulnerability

An attacker can bypass restrictions of several antivirus products via Microsoft Application Verifier, in order to escalate privileges.
Impacted products: Avast AV, NOD32 Antivirus, F-Secure AV, AVG AntiVirus, McAfee MOVE AntiVirus, VirusScan, Norton Antivirus, Norton Internet Security, Panda AV, Panda Internet Security, TrendMicro Internet Security, OfficeScan.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 5.
Creation date: 22/03/2017.
Identifiers: 1116957, CVE-2017-5565, CVE-2017-5566, CVE-2017-5567, CVE-2017-6186, CVE-2017-6417, VIGILANCE-VUL-22211.

Description of the vulnerability

An attacker can bypass restrictions of several antivirus products via Microsoft Application Verifier, in order to escalate privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce 19977

Panda Antivirus, Panda Internet Security: privilege escalation via bcryptprimitives.dll

Synthesis of the vulnerability

An attacker can create a DLL named "bcryptprimitives.dll" in the installation folder of Panda Antivirus and Panda Internet Security, in order to get system privileges.
Impacted products: Panda AV, Panda Internet Security.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 27/06/2016.
Identifiers: VIGILANCE-VUL-19977.

Description of the vulnerability

The Panda Antivirus and Panda Internet Security products are made of several modules, some of which do not exist on every platform.

The library bcryptprimitives.dll is one of these modules, but the product always tries to load it. However, the folder in which the library is looked up is writable by ordinary users. An attacker can create a DLL with this name in this folder, and it will be run with system privileges (account NT AUTHORITY\SYSTEM). This vulnerability is similar to the one described in VIGILANCE-VUL-19558.

An attacker can therefore create a DLL named "bcryptprimitives.dll" in the installation folder of Panda Antivirus and Panda Internet Security, in order to get system privileges.

vulnerability alert 18671

Windows: code execution during application installation

Synthesis of the vulnerability

An attacker can invite the victim to download malicious libraries on Windows, in order to run code during the installation of an application requiring these DLLs.
Impacted products: 7-Zip, ZoneAlarm, FileZilla Server, GIMP, Chrome, Kaspersky AV, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows (platform) ~ not comprehensive, Windows RT, Windows Vista, Opera, Panda AV, Panda Internet Security, PuTTY, OfficeScan, TrueCrypt, VLC.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: document.
Creation date: 11/01/2016.
Identifiers: sk110055, VIGILANCE-VUL-18671.

Description of the vulnerability

When a user installs a new application on Windows, he downloads the installation program (install.exe for example), and then runs it.

However, several installation programs load DLLs (for example graph.dll) from the current directory. So, if an attacker has invited the victim to download a malicious graph.dll file before the victim runs install.exe from the Downloads directory, the code located in that DLL is run.

See also the bulletin VIGILANCE-VUL-19558 for other impacted products.

An attacker can therefore invite the victim to download malicious libraries on Windows, in order to run code during the installation of an application requiring these DLLs.

vulnerability alert CVE-2015-1438

Panda AV/IS: memory corruption via PSKMAD.sys

Synthesis of the vulnerability

A local attacker can generate a memory corruption in PSKMAD.sys of Panda AV/IS, in order to trigger a denial of service, and possibly to run code with system privileges.
Impacted products: Panda AV, Panda Internet Security.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 15/07/2015.
Identifiers: CVE-2015-1438, VIGILANCE-VUL-17401.

Description of the vulnerability

The Panda products install the PSKMAD.sys driver.

However, a local attacker can interact with this driver, to corrupt its memory.

A local attacker can therefore generate a memory corruption in PSKMAD.sys of Panda AV/IS, in order to trigger a denial of service, and possibly to run code with system privileges.

computer vulnerability announce 16617

Panda Antivirus, Internet Security: privilege escalation via Debug

Synthesis of the vulnerability

A local attacker can debug the password verification process of Panda Antivirus or Internet Security, in order to alter the configuration.
Impacted products: Panda AV, Panda Internet Security.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 15/04/2015.
Identifiers: SYSS-2015-012, SYSS-2015-013, VIGILANCE-VUL-16617.

Description of the vulnerability

The Panda Antivirus and Panda Internet Security products use a password to protect access to their configuration.

The PSUAMain.exe program (PSUNConsole.dll) performs the verification of this password. However, this program runs as the current user.

A local attacker can therefore debug the password verification process of Panda Antivirus or Internet Security, in order to alter the configuration.

vulnerability announce CVE-2014-5307

Panda Security: buffer overflow of PavTPK.sys

Synthesis of the vulnerability

An attacker can generate a buffer overflow in PavTPK.sys of Panda Security, in order to trigger a denial of service, and possibly to execute code with the kernel privilege level.
Impacted products: Panda AV, Panda Internet Security.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 20/08/2014.
Identifiers: CVE-2014-5307, VIGILANCE-VUL-15212.

Description of the vulnerability

The Panda Security products include a device driver, PavTPK.sys, with which any user process can communicate via IOCTL calls.

The IOCTL command number 0x222008 takes a buffer as an argument. The data length is deduced from a data structure provided by the Windows kernel but reachable by the user process. So the process can make the driver copy into kernel space more data than the destination can hold.

An attacker can therefore generate a buffer overflow in PavTPK.sys of Panda Security, in order to trigger a denial of service, and possibly to run code with the kernel privilege level.

computer vulnerability announce CVE-2014-3450

Panda AV, IS: privilege escalation

Synthesis of the vulnerability

A local attacker can use a vulnerability of Panda AV Pro or Internet Security, in order to escalate his privileges.
Impacted products: Panda AV, Panda Internet Security.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 21/05/2014.
Identifiers: CVE-2014-3450, VIGILANCE-VUL-14777.

Description of the vulnerability

A local attacker can use a vulnerability of Panda AV Pro or Internet Security, in order to escalate his privileges.

vulnerability alert 12211

Panda Internet Security: code execution via DLL Preload

Synthesis of the vulnerability

An attacker can create a malicious DLL on a host that runs Panda Internet Security, in order to have it run with the privileges of the SYSTEM account.
Impacted products: Panda Internet Security.
Severity: 3/4.
Consequences: administrator access/rights.
Provenance: user shell.
Creation date: 05/12/2012.
Identifiers: BID-56808, VIGILANCE-VUL-12211.

Description of the vulnerability

The Panda Internet Security product is made of several services that dynamically load DLLs.

However, these services load their DLLs insecurely. An attacker can thus use the VIGILANCE-VUL-9879 vulnerability to execute code.

An attacker can therefore create a malicious DLL on a host that runs Panda Internet Security, in order to make the product run it with the privileges of the SYSTEM account.

vulnerability alert CVE-2012-1420 CVE-2012-1432 CVE-2012-1433

Panda Antivirus: bypassing via CAB, ELF, EXE, TAR, ZIP

Synthesis of the vulnerability

An attacker can create an archive or a program containing a virus, which is not detected by Panda Antivirus.
Impacted products: Panda AV, Panda Internet Security.
Severity: 2/4.
Consequences: data flow.
Provenance: document.
Number of vulnerabilities in this bulletin: 18.
Creation date: 21/03/2012.
Identifiers: BID-52582, BID-52592, BID-52593, BID-52594, BID-52595, BID-52596, BID-52598, BID-52600, BID-52601, BID-52602, BID-52604, BID-52605, BID-52606, BID-52608, BID-52614, BID-52615, BID-52621, BID-52623, CVE-2012-1420, CVE-2012-1432, CVE-2012-1433, CVE-2012-1434, CVE-2012-1435, CVE-2012-1436, CVE-2012-1439, CVE-2012-1440, CVE-2012-1442, CVE-2012-1444, CVE-2012-1445, CVE-2012-1446, CVE-2012-1447, CVE-2012-1453, CVE-2012-1454, CVE-2012-1456, CVE-2012-1459, CVE-2012-1463, VIGILANCE-VUL-11471.

Description of the vulnerability

Archive extraction tools (CAB, TAR, ZIP, etc.) still extract archives that are slightly malformed. Operating systems also still execute programs (ELF, EXE) that are slightly malformed. However, Panda Antivirus does not detect viruses contained in such archives/programs.

A TAR archive containing "\7fELF" as its first 4 bytes bypasses the detection. [severity:1/4; BID-52615, CVE-2012-1420]

An EXE program containing "\57\69\6E\5A\69\70" at offset 29 bypasses the detection. [severity:2/4; BID-52594, CVE-2012-1432]

An EXE program containing "\4a\46\49\46" at offset 6 bypasses the detection. [severity:2/4; BID-52596, CVE-2012-1433]

An EXE program containing "\19\04\00\10" at offset 8 bypasses the detection. [severity:2/4; BID-52582, CVE-2012-1434]

An EXE program containing "\50\4B\4C\49\54\45" at offset 30 bypasses the detection. [severity:2/4; BID-52592, CVE-2012-1435]

An EXE program containing "\2D\6C\68" at offset 3 bypasses the detection. [severity:2/4; BID-52593, CVE-2012-1436]

An ELF program containing a large "padding" field bypasses the detection. [severity:2/4; BID-52602, CVE-2012-1439]

An ELF program containing a large "identsize" field bypasses the detection. [severity:2/4; BID-52595, CVE-2012-1440]

An EXE program containing a large "class" field bypasses the detection. [severity:2/4; BID-52598, CVE-2012-1442]

An ELF program containing a large "abiversion" field bypasses the detection. [severity:2/4; BID-52604, CVE-2012-1444]

An ELF program containing a large "abi" field bypasses the detection. [severity:2/4; BID-52605, CVE-2012-1445]

An ELF program containing a large "encoding" field bypasses the detection. [severity:2/4; BID-52600, CVE-2012-1446]

An ELF program containing a large "e_version" field bypasses the detection. [severity:2/4; BID-52601, CVE-2012-1447]

A CAB archive containing a large "coffFiles" field bypasses the detection. [severity:1/4; BID-52621, CVE-2012-1453]

An ELF program containing a large "ei_version" field bypasses the detection. [severity:2/4; BID-52606, CVE-2012-1454]

A ZIP archive starting with TAR data bypasses the detection. [severity:1/4; BID-52608, CVE-2012-1456]

A TAR archive with a header containing a large value bypasses the detection. [severity:1/4; BID-52623, CVE-2012-1459]

An ELF program with a changed 5th byte bypasses the detection. [severity:2/4; BID-52614, CVE-2012-1463]

An attacker can therefore create an archive containing a virus which is not detected by the antivirus, but which is extracted by extraction tools. The virus is then detected only once it has been extracted on the victim's computer. An attacker can also create a program containing a virus which is not detected by the antivirus, but which can still be run by the system.

computer vulnerability alert 10306

Panda Internet Security: two vulnerabilities

Synthesis of the vulnerability

A local attacker can use two IOCTLs on Panda Internet Security drivers, in order to create a denial of service or to execute code.
Impacted products: Panda Internet Security.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 26/01/2011.
Identifiers: VIGILANCE-VUL-10306.

Description of the vulnerability

The Panda Internet Security product installs drivers, which are reachable via IOCTLs. They are impacted by two vulnerabilities.

The kl1.sys driver does not check parameters of the IOCTL 0x06660d4c, which stops the system. [severity:1/4]

The AppFlt.sys driver does not check parameters of the IOCTL 0x06660e1c, which may lead to code execution. [severity:2/4]

A local attacker can therefore use two IOCTLs on Panda Internet Security drivers, in order to create a denial of service or to execute code.