Installation of files with non-secure permissions in Corporate products

Information applies to:

Products

Panda for Desktops

Panda for File Servers (Windows)

Operating systems

Windows 2000 Professional	Windows XP (32-bit Edition)
Windows 2000 Server	Windows XP (64-bit Edition)
Windows Server 2003	Windows Server 2008
Windows Vista (32-bit Edition)	Windows 7 (32-bit Edition)
Windows Vista (64-bit Edition)	Windows 7 (64-bit Edition)

Situation

A vulnerability has been detected in the installation of Corporate Software Solution products which gives Full Control permissions over the program's installation directory files.

Consequently, a local user without the necessary privileges could replace the files with malicious executable files and run arbitrary code with SYSTEM privileges.

Solution

To resolve the local privilege escalation problems, Panda Security has developed a hotfix. Follow the steps below to apply it:

Download the hotfix for your operating system:
- CSS_x86_SecurityFix.exe for 32 bit-Edition (68.7 KB)
- CSS_x64_SecurityFix.exe for 64 bit-Edition (70.7 KB)
Save the file to your hard disk; to the Windows Desktop, for example.
Run the downloaded file. You can do this by double-clicking the file to apply the hotfix.
Check that the incident has been resolved.

Panda Security would like to thank researcher Nikolas Sotiriu for working responsibly with us and for his constant effort to improve security.

Help nº- 20130111 40061 EN

ALWAYS ONLINE TO HELP YOU TWITTER FORUM

Contact our technicians:

1-844-956-2648 1-866-748-2157x2 PREMIUM1-844-255-7356 Email us

ALWAYS ONLINE TO HELP YOU TWITTER FORUM

Need help?

Installation of files with non-secure permissions in Corporate products

Contact our technicians:

About Panda

Home Users

Business - WatchGuard Technologies