Privilege escalation vulnerability in PSEvents.exe with Panda 2016 products

Joined
Apr 18, 2013
Messages
252
OS
Windows 7
Antivirus
Comodo
#1
A vulnerability in the Panda 2016 products that allows the execution of code with elevated permissions has been detected in Small Business Protection and Panda 2016 products. The PSEvents.exe process is periodically run with elevated permissions and has dependencies of libraries located both in the default directory as well as in other system libraries. As the USERS group has Write permissions over the folder where the PSEvent.exe process is run and because the system first looks for libraries run by this process in the execution folder, it may be possible to create a malicious library in the execution folder that will replace one of the libraries installed in other folders. Therefore, a user could run malicious code with SYSTEM privileges.

Privilege escalation vulnerability in PSEvents.exe with Panda 2016 products - Technical Support - Panda Security
 
Joined
Jul 13, 2014
Messages
574
OS
Windows 10
Antivirus
ESET
#4
I think it should apply to the FREE version too.But from what i understand from the document, someone has to have access to your PC and obviously need a certain level of skill in programming languages. There is the Hotfix and they should push the fix in the next product update soon.
 
Last edited: