In association with heise online

10 March 2008, 11:31

Privilege escalation via Panda Security Suite

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A driver in Panda's Internet Security 2008 and Antivirus+Firewall 2008 allows local users to escalate their system privileges and take complete control of the system. The vendor has now released hotfixes which fix the security vulnerability for the affected products.

According to the vulnerability's discover Tobias Klein, the vulnerability affects the cpoint.sys kernel driver. The driver processes ‘IOCTLs', – input and output requests – to the driver, without adequately checking the values passed to it. This can result in kernel memory being overwritten and execution of code with full system privileges.

Panda has confirmed the existence of the bug and has released downloadable hotfixes which users should install as soon as possible.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit