Installation of files with non-secure permissions in Corporate products

Informationen gäller för:

Produkter

Panda for Desktops

Panda for File Servers (Windows)

Operativ system

Windows 2000 Professional	Windows XP (32-bit Edition)
Windows 2000 Server	Windows XP (64-bit Edition)
Windows Server 2003	Windows Server 2008
Windows Vista (32-bit Edition)	Windows 7 (32-bit Edition)
Windows Vista (64-bit Edition)	Windows 7 (64-bit Edition)

Situation

A vulnerability has been detected in the installation of Corporate Software Solution products which gives Full Control permissions over the program's installation directory files.

Consequently, a local user without the necessary privileges could replace the files with malicious executable files and run arbitrary code with SYSTEM privileges.

Solution

To resolve the local privilege escalation problems, Panda Security has developed a hotfix. Follow the steps below to apply it:

Download the hotfix for your operating system:
- CSS_x86_SecurityFix.exe for 32 bit-Edition (68.7 KB)
- CSS_x64_SecurityFix.exe for 64 bit-Edition (70.7 KB)
Save the file to your hard disk; to the Windows Desktop, for example.
Run the downloaded file. You can do this by double-clicking the file to apply the hotfix.
Check that the incident has been resolved.

Panda Security would like to thank researcher Nikolas Sotiriu for working responsibly with us and for his constant effort to improve security.

Artikelnummer- 20130111 40061 EN

Har ditt problem lösts med hjälp av denna artikel?

JA NEJ

Tack för ditt svar

Hur skulle du förbättra denna artikel?

ALLTID ONLINE, REDO ATT HJÄLPA TILL TWITTER FORUM

Behöver du hjälp?

Installation of files with non-secure permissions in Corporate products

Hur skulle du förbättra denna artikel?

Vill du kontakta teknisk support?

Om Panda

Hemanvändare

Business - WatchGuard Technologies