CVE-2009-4215

Опубликовано: 07 дек. 2009

Источник: nvd

CVSS2: 7.2

EPSS Низкий

Описание

Panda Global Protection 2010, Internet Security 2010, and Antivirus Pro 2010 use weak permissions (Everyone: Full Control) for the product files, which allows local users to gain privileges by replacing executables with Trojan horse programs.

Ссылки

http://secunia.com/advisories/37373
Vendor Advisory
http://www.pandasecurity.com/homeusers/support/card?id=80164&idIdioma=2
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/507811/100/0/threaded
http://www.securitytracker.com/id?1023121
http://www.vupen.com/english/advisories/2009/3126
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/54268
http://secunia.com/advisories/37373
Vendor Advisory
http://www.pandasecurity.com/homeusers/support/card?id=80164&idIdioma=2
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/507811/100/0/threaded
http://www.securitytracker.com/id?1023121
http://www.vupen.com/english/advisories/2009/3126
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/54268

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_vista:*:*:32_bit:*:*:*:*:*

cpe:2.3:o:microsoft:windows_vista:*:*:64-bit:*:*:*:*:*

cpe:2.3:o:microsoft:windows_xp:*:*:32-bit:*:*:*:*:*

Одно из

cpe:2.3:a:pandasecurity:panda_antivirus:2010:*:pro:*:*:*:*:*

cpe:2.3:a:pandasecurity:panda_global_protection:2010:*:*:*:*:*:*:*

cpe:2.3:a:pandasecurity:panda_internet_security:2010:*:pro:*:*:*:*:*

EPSS

Процентиль: 12%

0.00041

Низкий

7.2 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-pwcw-cc5w-f5wp

github

почти 4 года назад