Insecure DLL loading in Panda Security SL products - #VU50
Published: June 29, 2016 / Updated: November 22, 2018
Vulnerability identifier: #VU50
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: N/A
CWE-ID: CWE-427
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Panda Security SL
Affected software:
Panda Antivirus Pro
Panda Global Protection
Small Business Protection
Detailed vulnerability description
The vulnerability allows a local user to gain system privileges on the target system.
The vulnerability exists due to an access control error: the 'PSEvents.exe' application attempts to load non-existent DLLs from a directory (%ProgramData%\Panda Security\Panda Devices Agent\Downloads) on which the USERS group has write permissions. A local user can execute arbitrary code with SYSTEM privileges by creating a specially crafted DLL.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Remediation
Updates to resolve these issues can be installed using product update functionality.
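A defender-side check for the condition described above, added here as an example and not taken from the vendor or the original advisory: it lists the allow ACEs on the named directory that let broad, low-privileged groups create files in it. The function name Get-PlantableAce and the selection of well-known SIDs are assumptions of this example.

```powershell
# Added example: audit the directory named in the advisory for ACEs that let
# low-privileged principals create files (and therefore DLLs) in it.
$Path = Join-Path $env:ProgramData 'Panda Security\Panda Devices Agent\Downloads'

# Well-known SIDs (assumed scope of "low-privileged"); SIDs are used instead
# of names so the check also works on localized Windows installations.
$LowPrivSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that allow dropping a new file: CreateFiles (same bit as WriteData),
# plus GENERIC_WRITE and GENERIC_ALL, which Get-Acl can return unmapped.
$CreateMask = [int][System.Security.AccessControl.FileSystemRights]::CreateFiles `
    -bor 0x40000000 -bor 0x10000000

function Get-PlantableAce {
    param([Parameter(Mandatory)][string]$Directory)

    if (-not (Test-Path -LiteralPath $Directory -PathType Container)) {
        Write-Warning "Directory not found: $Directory"
        return
    }
    $acl   = Get-Acl -LiteralPath $Directory
    $rules = $acl.GetAccessRules($true, $true,
                 [System.Security.Principal.SecurityIdentifier])
    foreach ($r in $rules) {
        if ($r.AccessControlType -ne 'Allow') { continue }
        # Inherit-only ACEs apply to children, not to the directory itself.
        if ($r.PropagationFlags.HasFlag(
                [System.Security.AccessControl.PropagationFlags]::InheritOnly)) { continue }
        $sid = $r.IdentityReference.Value
        if (-not $LowPrivSids.ContainsKey($sid)) { continue }
        if ((([int]$r.FileSystemRights) -band $CreateMask) -eq 0) { continue }
        [pscustomobject]@{
            Directory = $Directory
            Principal = $LowPrivSids[$sid]
            Rights    = $r.FileSystemRights
            Inherited = $r.IsInherited
        }
    }
}

# Any row returned means a listed group can create files in the directory.
Get-PlantableAce -Directory $Path | Format-Table -AutoSize
```

No output means none of the listed groups holds an allow ACE for file creation on the directory itself; deny ACEs and group memberships outside the listed SIDs are not evaluated.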