Installation of files with non-secure permissions in 2010 antivirus products

Information applies to:

Products

Panda Global Protection 2010

Panda Internet Security 2010

Panda Antivirus Pro 2010

Panda Antivirus for Netbooks 2010

Operating Systems

Windows Vista (32-bit Edition)	Windows 7 (32-bit Edition)
Windows Vista (64-bit Edition)	Windows 7 (64-bit Edition)
Windows XP (32-bit Edition)

Situation

A vulnerability has been detected in the installation 2010 antivirus products which gives Total Control permissions over the program´s installation directory files.

Consequently, a local user without the necessary privileges could replace the files with malicious executable files and run arbitrary code with SYSTEM privileges.

Solution

To resolve the local privilege escalation problems reported by Maxim A. Kulakov, Panda Securitye has developed a serie of hotfixes. Follow the steps below to apply them:

Download the hotfix for your product.
- Panda Global Protection 2010: hotfix hfgp30910s1_r7.exe (2.15 MB).
- Panda Internet Security 2010: hotfix hfp150906s19_r1.exe (2.15 MB).
- Panda Antivirus Pro 2010: hotfix hft90906s15_r1.exe (2.15 MB).
- Panda Antivirus for Netbooks 2010: hotfix hft90906s15_r1.exe (2.15 MB).
Save the file to your hard disk; to the Windows Desktop, for example.
Run the downloaded file. You can do this by double-clicking the file to apply the hotfix.
Check that the incident has been resolved.

Help nº- 20100107 80164 EN

Has this help been useful?

Very useful.
Useful.
Quite useful.
Not very useful.

Help us to improve our service by letting us know your opinion. Your suggestions will help to resolve your questions more quickly and effectively.

RSS - News coverage on virus and intrusion prevention | TWITTER - PANDA SECURITY

Our Cloud Twitter | Web Map | Contact | Affiliates