Skip to content
The exploit for Panda AV LPE
Branch: master
Clone or download
Latest commit 778b2ca May 22, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
bin Add files via upload Feb 4, 2019
README.md
base64.c Add exploit files Feb 4, 2019
base64.h
exploit.c
poc.png Add files via upload Feb 4, 2019
resource.h Add exploit files Feb 4, 2019

README.md

Panda Antivirus - Local Privilege Escalation (CVE-2019-12042)

This is the exploit for a vulnerability I found in Panda Antivirus leading to escalation of privileges to SYSTEM.

The affected products are : Versions < 18.07.03 of Panda Dome, Panda Internet Security, Panda Antivirus Pro, Panda Global Protection, Panda Gold Protection, and old versions of Panda Antivirus >= 15.0.4.

The issue has been fixed in version 18.07.03.

A compiled x86 exploit can be found under the bin directory, it executes as SYSTEM a dummy program that loops indefinitely. The compiled exploit is universal to all Windows versions and to all the products above.

Link to advisory : https://www.pandasecurity.com/usa/support/card?id=100063

Technical write-up

https://rce4fun.blogspot.com/2019/05/panda-antivirus-local-privilege.html

Poc image (Windows 10 x64)

PoC

You can’t perform that action at this time.