Privilege escalation vulnerability in PSEvents.exe with Panda 2016 products

[lordman]

A vulnerability in the Panda 2016 products that allows the execution of code with elevated permissions has been detected in Small Business Protection and Panda 2016 products. The PSEvents.exe process is periodically run with elevated permissions and has dependencies of libraries located both in the default directory as well as in other system libraries. As the USERS group has Write permissions over the folder where the PSEvent.exe process is run and because the system first looks for libraries run by this process in the execution folder, it may be possible to create a malicious library in the execution folder that will replace one of the libraries installed in other folders. Therefore, a user could run malicious code with SYSTEM privileges.

Privilege escalation vulnerability in PSEvents.exe with Panda 2016 products - Technical Support - Panda Security

 

[Ink]

Never liked Panda at all, not liked in the past nor in the present. Joking. @darko999

It's not listed on their Tech Support page, but does this affect Panda Free Antivirus as well?

 

[lordman]

It's not listed on their Tech Support page, but does this affect Panda Free Antivirus as well?

I don`t know.

 

[spaceoctopus]

I think it should apply to the FREE version too.But from what i understand from the document, someone has to have access to your PC and obviously need a certain level of skill in programming languages. There is the Hotfix and they should push the fix in the next product update soon.