ISS X-Force Database: panda-antivirus-cpointsys-priv-escalation(41079): Multiple Panda Software Antivirus products cpoint.sys privilege escalation

Multiple Panda Software Antivirus products cpoint.sys privilege escalation

panda-antivirus-cpointsys-priv-escalation (41079)

High Risk

Description:

Multiple Panda Software products could allow a local attacker to gain elevated privileges on the system, caused by an error in the cpoint.sys driver. By sending a specially-crafted IOCTL request, an attacker could exploit this vulnerability to overwrite system memory or cause a denial of service and execute arbitrary code on the system with kernel level privileges.

Platforms Affected:

Panda Software, Panda Antivirus + Firewall 2008
Panda Software, Panda Internet Security 2008

Remedy:

For Panda Internet Security 2008:
Apply the hotfix for this vulnerability (hfp120801s1.exe), available from the Panda Security Online Support Center Help Web site. See References.

For Panda Antivirus + Firewall 2008:
Apply the hotfix for this vulnerability (hft70801s1.exe), available from the Panda Security Online Support Center Help Web site. See References.

Consequences:

Gain Privileges

References:

Panda Security Online Support Center Help Web site, Vulnerability detected in the Internet protection level control in Panda Internet Security 2008 at http://www.pandasecurity.com/homeusers/support/card?id=41337&idIdioma=2&ref=ProdExp.
Panda Security Online Support Center Help Web site, Vulnerability detected in the Internet protection level control in Panda Antivirus + Firewall 2008 at http://www.pandasecurity.com/homeusers/support/card?id=41231&idIdioma=2&ref=ProdExp.
Trapkit Security Advisory TKADV2008-001, Panda Internet Security/Antivirus+Firewall 2008 cpoint.sys Kernel Driver Memory Corruption Vulnerability at http://www.trapkit.de/advisories/TKADV2008-001.txt.
BID-28150: Panda Internet Security/Antivirus+Firewall 2008 CPoint.sys Memory Corruption Vulnerability
CVE-2008-1471: The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ Firewall 2008 allows local users to cause a denial of service (system crash or kernel panic), overwrite memory, or execute arbitrary code via a crafted IOCTL request that triggers an out-of-bounds write of kernel memory.
SA29311: Panda Products cpoint.sys Privilege Escalation Vulnerabilities
SECTRACK ID: 1019568: Panda Internet Security 'cpoint.sys' Driver Bug Lets Local Users Gain Kernel Level Privileges
VUPEN/ADV-2008-0801: Panda Products cpoint.sys Driver Privilege Escalation Vulnerabilities

Reported:

Mar 10, 2008

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page