Panda Security PSEvents.exe Insecure DLL Loading Privilege Escalation

PSEvents.exe in multiple Panda Security products runs hourly with SYSTEM privileges and loads DLL files from a user-writable directory without proper validation. An attacker with low-privileged access who can write DLL files to the monitored directory can achieve arbitrary code execution with SYSTEM privileges. Affected products include Panda Global Protection 2016, Panda Antivirus Pro 2016, Panda Small Business Protection, and Panda Internet Security 2016 (all versions up to 16.1.2).

N/A

对搜索路径元素未加控制

Panda Security多款产品 代码问题漏洞

Panda Security Antivirus等都是西班牙熊猫安全（Panda Security）公司的产品。Panda Security Antivirus是一套杀毒软件。Panda Security Internet Security是一套基于云技术的杀毒软件。Panda Security Free Antivirus是一款免费的杀毒软件。 Panda Security多款产品存在安全漏洞，该漏洞源于DLL文件加载验证不当，可能导致任意代码执行。以下产品及版本受到影响：Panda Global Pr

N/A

N/A