Privilege escalation vulnerability in PSEvents.exe with Panda 2016 products

Discussion in 'Panda' started by lordman, Jun 29, 2016.

  1. lordman

    lordman Level 5

    Apr 18, 2013
    249
    730
    Spain
    Windows 7
    Comodo
    Official Website:
    www.pandasecurity.com
    A vulnerability in the Panda 2016 products that allows the execution of code with elevated permissions has been detected in Small Business Protection and Panda 2016 products. The PSEvents.exe process is periodically run with elevated permissions and has dependencies of libraries located both in the default directory as well as in other system libraries. As the USERS group has Write permissions over the folder where the PSEvent.exe process is run and because the system first looks for libraries run by this process in the execution folder, it may be possible to create a malicious library in the execution folder that will replace one of the libraries installed in other folders. Therefore, a user could run malicious code with SYSTEM privileges.

    Privilege escalation vulnerability in PSEvents.exe with Panda 2016 products - Technical Support - Panda Security
     
    DardiM, Spawn and tonibalas like this.
  2. Spawn

    Spawn Administrator
    Staff Member Content Creator

    Jan 8, 2011
    16,260
    24,190
    Never liked Panda at all, not liked in the past nor in the present. Joking. :p @darko999

    It's not listed on their Tech Support page, but does this affect Panda Free Antivirus as well?
     
    Andytay70, DardiM and frogboy like this.
  3. lordman

    lordman Level 5

    Apr 18, 2013
    249
    730
    Spain
    Windows 7
    Comodo
    I don`t know.
     
  4. spaceoctopus

    spaceoctopus Level 10

    Jul 13, 2014
    496
    3,047
    Distant galaxy
    Windows 10
    ESET
    #4 spaceoctopus, Jun 30, 2016
    Last edited: Jun 30, 2016
    I think it should apply to the FREE version too.But from what i understand from the document, someone has to have access to your PC and obviously need a certain level of skill in programming languages. There is the Hotfix and they should push the fix in the next product update soon.
     
Loading...
Similar Threads Forum Date
Privilege Escalation Vulnerability in Microsoft Windows News Archive Oct 10, 2012
Patch Available for Linux Kernel Privilege Escalation Security News Oct 16, 2017
Video Review MSITC Avast Free 2017 backdoor evasion and Windows 10 privilege escalation Video Reviews Feb 26, 2017