MidnightBSD

Advisories for pandasecurity

CVE-2010-5172 MEDIUM

Race condition in Panda Internet Security 2010 15.01.00 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
pandasecurity panda_internet_security_2010 15.01.00
CVE-2012-1420 MEDIUM

The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
f-prot f-prot_antivirus 4.6.2.117
cat quick_heal 11.00
kaspersky kaspersky_anti-virus 7.0.0.125
microsoft security_essentials 2.0
pandasecurity panda_antivirus 10.0.2.7
authentium command_antivirus 5.2.11.5
eset nod32_antivirus 5795
fortinet fortinet_antivirus 4.2.254.0
k7computing antivirus 9.77.3565
norman norman_antivirus_&_antispyware 6.06.12
rising-global rising_antivirus 22.83.00.03
CVE-2012-1432 MEDIUM

The Microsoft EXE file parser in Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \57\69\6E\5A\69\70 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
ikarus ikarus_virus_utilities_t3_command_line_scanner 1.1.97.0
pandasecurity panda_antivirus 10.0.2.7
emsisoft anti-malware 5.1.0.1
aladdin esafe 7.0.17.0
CVE-2012-1433 MEDIUM

The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
ahnlab v3_internet_security 2011.01.18.00
ikarus ikarus_virus_utilities_t3_command_line_scanner 1.1.97.0
pandasecurity panda_antivirus 10.0.2.7
emsisoft anti-malware 5.1.0.1
aladdin esafe 7.0.17.0
CVE-2012-1434 MEDIUM

The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
ahnlab v3_internet_security 2011.01.18.00
ikarus ikarus_virus_utilities_t3_command_line_scanner 1.1.97.0
pandasecurity panda_antivirus 10.0.2.7
emsisoft anti-malware 5.1.0.1
CVE-2012-1435 MEDIUM

The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \50\4B\4C\49\54\45 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
ahnlab v3_internet_security 2011.01.18.00
ikarus ikarus_virus_utilities_t3_command_line_scanner 1.1.97.0
pandasecurity panda_antivirus 10.0.2.7
emsisoft anti-malware 5.1.0.1
aladdin esafe 7.0.17.0
CVE-2012-1436 MEDIUM

The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \2D\6C\68 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
ahnlab v3_internet_security 2011.01.18.00
ikarus ikarus_virus_utilities_t3_command_line_scanner 1.1.97.0
pandasecurity panda_antivirus 10.0.2.7
emsisoft anti-malware 5.1.0.1
aladdin esafe 7.0.17.0
CVE-2012-1439 MEDIUM

The ELF file parser in eSafe 7.0.17.0, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified padding field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
pandasecurity panda_antivirus 10.0.2.7
fortinet fortinet_antivirus 4.2.254.0
aladdin esafe 7.0.17.0
rising-global rising_antivirus 22.83.00.03
CVE-2012-1440 MEDIUM

The ELF file parser in Norman Antivirus 6.06.12, eSafe 7.0.17.0, CA eTrust Vet Antivirus 36.1.8511, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified identsize field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
pandasecurity panda_antivirus 10.0.2.7
fortinet fortinet_antivirus 4.2.254.0
aladdin esafe 7.0.17.0
ca etrust_vet_antivirus 36.1.8511
norman norman_antivirus_&_antispyware 6.06.12
CVE-2012-1442 MEDIUM

The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, F-Secure Anti-Virus 9.0.16160.0, Sophos Anti-Virus 4.61.0, Antiy Labs AVL SDK 2.0.3.7, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified class field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
sophos sophos_anti-virus 4.61.0
cat quick_heal 11.00
kaspersky kaspersky_anti-virus 7.0.0.125
pandasecurity panda_antivirus 10.0.2.7
antiy avl_sdk 2.0.3.7
mcafee gateway 2010.1c
mcafee scan_engine 5.400.0.1158
f-secure f-secure_anti-virus 9.0.16160.0
fortinet fortinet_antivirus 4.2.254.0
aladdin esafe 7.0.17.0
rising-global rising_antivirus 22.83.00.03
CVE-2012-1443 MEDIUM

The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
sophos sophos_anti-virus 4.61.0
virusbuster virusbuster 13.6.151.0
emsisoft anti-malware 5.1.0.1
f-secure f-secure_anti-virus 9.0.16160.0
alwil avast_antivirus 4.8.1351.0
clamav clamav 0.96.4
k7computing antivirus 9.77.3565
norman norman_antivirus_&_antispyware 6.06.12
bitdefender bitdefender 7.2
f-prot f-prot_antivirus 4.6.2.117
gdata-software g_data_antivirus 21
ikarus ikarus_virus_utilities_t3_command_line_scanner 1.1.97.0
microsoft security_essentials 2.0
trendmicro housecall 9.120.0.1004
pandasecurity panda_antivirus 10.0.2.7
avg avg_anti-virus 10.0.0.1190
mcafee gateway 2010.1c
authentium command_antivirus 5.2.11.5
eset nod32_antivirus 5795
aladdin esafe 7.0.17.0
nprotect nprotect_antivirus 2011-01-17.01
comodo comodo_antivirus 7424
kaspersky kaspersky_anti-virus 7.0.0.125
symantec endpoint_protection 11.0
alwil avast_antivirus 5.0.677.0
anti-virus vba32 3.12.14.2
fortinet fortinet_antivirus 4.2.254.0
avira antivir 7.11.1.163
pc_tools pc_tools_antivirus 7.0.3.5
ahnlab v3_internet_security 2011.01.18.00
cat quick_heal 11.00
jiangmin jiangmin_antivirus 13.0.900
trendmicro trend_micro_antivirus 9.120.0.1004
antiy avl_sdk 2.0.3.7
mcafee scan_engine 5.400.0.1158
rising-global rising_antivirus 22.83.00.03
CVE-2012-1444 MEDIUM

The ELF file parser in eSafe 7.0.17.0, Prevx 3.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified abiversion field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
pandasecurity panda_antivirus 10.0.2.7
prevx prevx 3.0
fortinet fortinet_antivirus 4.2.254.0
aladdin esafe 7.0.17.0
CVE-2012-1445 MEDIUM

The ELF file parser in eSafe 7.0.17.0, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified abi field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
pandasecurity panda_antivirus 10.0.2.7
fortinet fortinet_antivirus 4.2.254.0
aladdin esafe 7.0.17.0
rising-global rising_antivirus 22.83.00.03
CVE-2012-1446 MEDIUM

The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Norman Antivirus 6.06.12, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, McAfee Gateway (formerly Webwasher) 2010.1C, Sophos Anti-Virus 4.61.0, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified encoding field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
sophos sophos_anti-virus 4.61.0
kaspersky kaspersky_anti-virus 7.0.0.125
symantec endpoint_protection 11.0
fortinet fortinet_antivirus 4.2.254.0
norman norman_antivirus_&_antispyware 6.06.12
pc_tools pc_tools_antivirus 7.0.3.5
cat quick_heal 11.00
pandasecurity panda_antivirus 10.0.2.7
antiy avl_sdk 2.0.3.7
mcafee gateway 2010.1c
mcafee scan_engine 5.400.0.1158
aladdin esafe 7.0.17.0
ca etrust_vet_antivirus 36.1.8511
rising-global rising_antivirus 22.83.00.03
CVE-2012-1447 MEDIUM

The ELF file parser in Fortinet Antivirus 4.2.254.0, eSafe 7.0.17.0, Dr.Web 5.0.2.03300, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified e_version field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
drweb dr.web_antivirus 5.0.2.03300
pandasecurity panda_antivirus 10.0.2.7
fortinet fortinet_antivirus 4.2.254.0
aladdin esafe 7.0.17.0
CVE-2012-1453 MEDIUM

The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
sophos sophos_anti-virus 4.61.0
kaspersky kaspersky_anti-virus 7.0.0.125
emsisoft anti-malware 5.1.0.1
fortinet fortinet_antivirus 4.2.254.0
drweb dr.web_antivirus 5.0.2.03300
ikarus ikarus_virus_utilities_t3_command_line_scanner 1.1.97.0
microsoft security_essentials 2.0
trendmicro housecall 9.120.0.1004
trendmicro trend_micro_antivirus 9.120.0.1004
pandasecurity panda_antivirus 10.0.2.7
antiy avl_sdk 2.0.3.7
mcafee gateway 2010.1c
ca etrust_vet_antivirus 36.1.8511
rising-global rising_antivirus 22.83.00.03
CVE-2012-1454 MEDIUM

The ELF file parser in Dr.Web 5.0.2.03300, eSafe 7.0.17.0, McAfee Gateway (formerly Webwasher) 2010.1C, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified ei_version field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
drweb dr.web_antivirus 5.0.2.03300
pandasecurity panda_antivirus 10.0.2.7
mcafee gateway 2010.1c
fortinet fortinet_antivirus 4.2.254.0
aladdin esafe 7.0.17.0
rising-global rising_antivirus 22.83.00.03
CVE-2012-1456 MEDIUM

The TAR file parser in AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a TAR file with an appended ZIP file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
sophos sophos_anti-virus 4.61.0
kaspersky kaspersky_anti-virus 7.0.0.125
symantec endpoint_protection 11.0
emsisoft anti-malware 5.1.0.1
fortinet fortinet_antivirus 4.2.254.0
norman norman_antivirus_&_antispyware 6.06.12
f-prot f-prot_antivirus 4.6.2.117
cat quick_heal 11.00
ikarus ikarus_virus_utilities_t3_command_line_scanner 1.1.97.0
jiangmin jiangmin_antivirus 13.0.900
trendmicro housecall 9.120.0.1004
trendmicro trend_micro_antivirus 9.120.0.1004
pandasecurity panda_antivirus 10.0.2.7
avg avg_anti-virus 10.0.0.1190
mcafee gateway 2010.1c
mcafee scan_engine 5.400.0.1158
eset nod32_antivirus 5795
aladdin esafe 7.0.17.0
comodo comodo_antivirus 7424
rising-global rising_antivirus 22.83.00.03
CVE-2012-1459 MEDIUM

The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
sophos sophos_anti-virus 4.61.0
virusbuster virusbuster 13.6.151.0
emsisoft anti-malware 5.1.0.1
f-secure f-secure_anti-virus 9.0.16160.0
alwil avast_antivirus 4.8.1351.0
clamav clamav 0.96.4
k7computing antivirus 9.77.3565
norman norman_antivirus_&_antispyware 6.06.12
bitdefender bitdefender 7.2
f-prot f-prot_antivirus 4.6.2.117
gdata-software g_data_antivirus 21
ikarus ikarus_virus_utilities_t3_command_line_scanner 1.1.97.0
microsoft security_essentials 2.0
trendmicro housecall 9.120.0.1004
pandasecurity panda_antivirus 10.0.2.7
avg avg_anti-virus 10.0.0.1190
mcafee gateway 2010.1c
authentium command_antivirus 5.2.11.5
eset nod32_antivirus 5795
nprotect nprotect_antivirus 2011-01-17.01
comodo comodo_antivirus 7424
kaspersky kaspersky_anti-virus 7.0.0.125
symantec endpoint_protection 11.0
alwil avast_antivirus 5.0.677.0
anti-virus vba32 3.12.14.2
fortinet fortinet_antivirus 4.2.254.0
avira antivir 7.11.1.163
pc_tools pc_tools_antivirus 7.0.3.5
ahnlab v3_internet_security 2011.01.18.00
cat quick_heal 11.00
jiangmin jiangmin_antivirus 13.0.900
trendmicro trend_micro_antivirus 9.120.0.1004
antiy avl_sdk 2.0.3.7
mcafee scan_engine 5.400.0.1158
rising-global rising_antivirus 22.83.00.03
CVE-2012-1463 MEDIUM

The ELF file parser in AhnLab V3 Internet Security 2011.01.18.00, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified endianness field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
f-secure f-secure_anti-virus 9.0.16160.0
norman norman_antivirus_&_antispyware 6.06.12
bitdefender bitdefender 7.2
f-prot f-prot_antivirus 4.6.2.117
ahnlab v3_internet_security 2011.01.18.00
cat quick_heal 11.00
pandasecurity panda_antivirus 10.0.2.7
authentium command_antivirus 5.2.11.5
mcafee scan_engine 5.400.0.1158
aladdin esafe 7.0.17.0
nprotect nprotect_antivirus 2011-01-17.01
comodo comodo_antivirus 7424
CVE-2014-3450 HIGH

Unspecified vulnerability in Panda Gold Protection and Global Protection 2014 7.01.01 and earlier, Internet Security 2014 19.01.01 and earlier, and AV Pro 2014 13.01.01 and earlier allows local users to gain privileges via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
pandasecurity panda_global_protection_2014 7.01.01
pandasecurity panda_gold_protection 7.01.01
pandasecurity panda_internet_security_2014 19.01.01
pandasecurity panda_av_pro_2014 13.01.01
CVE-2014-5307 HIGH

Heap-based buffer overflow in the PavTPK.sys kernel mode driver of Panda Security 2014 products before hft131306s24_r1 allows local users to gain privileges via a crafted argument to a 0x222008 IOCTL call.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
pandasecurity panda_global_protection_2014 7.01.01
pandasecurity panda_internet_security_2014 19.01.01
pandasecurity panda_av_pro_2014 13.01.01
CVE-2017-17683 HIGH

Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44 \\.\PSMEMDriver DeviceIoControl request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
pandasecurity panda_global_protection 17.0.1
CVE-2017-17684 HIGH

Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c04 \\.\PSMEMDriver DeviceIoControl request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
pandasecurity panda_global_protection 17.0.1
CVE-2018-6321 MEDIUM

Unquoted Windows search path vulnerability in the panda_url_filtering service in Panda Global Protection 17.0.1 allows local users to gain privileges via a malicious artefact.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-428,

Products Affected

Vendor Product Version
pandasecurity panda_global_protection 17.0.1
CVE-2018-6322 MEDIUM

Panda Global Protection 17.0.1 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \.\pipe\PSANMSrvcPpal -- an "insecurely created named pipe." Ensures full access to Everyone users group.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
pandasecurity panda_global_protection 17.0.1
CVE-2019-12042 HIGH

Insecure permissions of the section object Global\PandaDevicesAgentSharedMemory and the event Global\PandaDevicesAgentSharedMemoryChange in Panda products before 18.07.03 allow attackers to queue an event (as an encrypted JSON string) to the system service AgentSvc.exe, which leads to privilege escalation when the CmdLineExecute event is queued. This affects Panda Antivirus, Panda Antivirus Pro, Panda Dome, Panda Global Protection, Panda Gold Protection, and Panda Internet Security.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732,

Products Affected

Vendor Product Version
pandasecurity panda_antivirus *
pandasecurity panda_gold_protection *
pandasecurity panda_global_protection *
pandasecurity panda_antivirus_pro *
pandasecurity panda_dome *
pandasecurity panda_internet_security *
CVE-2021-26750 MEDIUM

DLL hijacking in Panda Agent <=1.16.11 in Panda Security, S.L.U. Panda Adaptive Defense 360 <= 8.0.17 allows attacker to escalate privileges via maliciously crafted DLL file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,

Products Affected

Vendor Product Version
pandasecurity panda_devices_agent *
pandasecurity panda_adaptive_defense_360 *
CVE-2024-7241

Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the PSANHost service. By creating a junction, an attacker can abuse the service to create an arbitrary file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23375.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
pandasecurity panda_dome 22.02.01
CVE-2024-7242

Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the PSANHost executable. By creating a junction, an attacker can abuse the service to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23402.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
pandasecurity panda_dome 22.02.01
CVE-2024-7243

Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the PSANHost executable. By creating a junction, an attacker can abuse the service to create arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23413.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
pandasecurity panda_dome 22.02.01
CVE-2024-7244

Panda Security Dome VPN DLL Hijacking Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the VPN process. The process does not restrict DLL search to trusted paths, which can result in the loading of a malicious DLL. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23428.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
pandasecurity panda_dome 22.02.01
CVE-2024-7245

Panda Security Dome VPN Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Hydra Sdk Windows Service. The issue lies in the lack of proper permissions set on a folder created by the service. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23429.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
pandasecurity panda_dome 22.02.01