Skip to content

SouhailHammou/Panda-Antivirus-LPE

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
bin
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Panda Antivirus - Local Privilege Escalation (CVE-2019-12042)

This is the exploit for a vulnerability I found in Panda Antivirus leading to escalation of privileges to SYSTEM.

The affected products are : Versions < 18.07.03 of Panda Dome, Panda Internet Security, Panda Antivirus Pro, Panda Global Protection, Panda Gold Protection, and old versions of Panda Antivirus >= 15.0.4.

The issue has been fixed in version 18.07.03.

A compiled x86 exploit can be found under the bin directory, it executes as SYSTEM a dummy program that loops indefinitely. The compiled exploit is universal to all Windows versions and to all the products above.

Link to advisory : https://www.pandasecurity.com/usa/support/card?id=100063

Technical write-up

https://rce4fun.blogspot.com/2019/05/panda-antivirus-local-privilege.html

Poc image (Windows 10 x64)

PoC

About

The exploit for Panda AV LPE

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages