Panda antivirus business solution allows code to slip in
Zero Day Initiative (ZDI) has published information about a critical hole in Panda AdminSecure 2006 which comes with Panda BusinesSecure 2006 and Panda EnterpriSecure 2006. AdminSecure is used to manage and monitor clients, servers and firewalls centrally.
According to the bug report, a system can be compromised by a heap overflow in the AdminSecure agent on the clients. In order to do this, it is sufficient to send packets with manipulated content to TCP port 19226 or 19227. No more details are available from the service. According to ZDI, Panda has provided an Update which will be passed on to registered customers.