CVE-2019-12042

Name of the Vulnerable Software and Affected Versions Panda Antivirus versions prior to 18.07.03 Panda Antivirus Pro versions prior to 18.07.03 Panda Dome versions prior to 18.07.03 Panda Global Protection versions prior to 18.07.03 Panda Gold Protection versions prior to 18.07.03 Panda Internet Security versions prior to 18.07.03

Description The issue is related to insecure permissions in Panda products, specifically with the section object GlobalPandaDevicesAgentSharedMemory and the event GlobalPandaDevicesAgentSharedMemoryChange. This allows attackers to queue an event to the system service AgentSvc.exe, leading to privilege escalation when the CmdLineExecute event is queued.

Recommendations For Panda Antivirus versions prior to 18.07.03, update to version 18.07.03 or later. For Panda Antivirus Pro versions prior to 18.07.03, update to version 18.07.03 or later. For Panda Dome versions prior to 18.07.03, update to version 18.07.03 or later. For Panda Global Protection versions prior to 18.07.03, update to version 18.07.03 or later. For Panda Gold Protection versions prior to 18.07.03, update to version 18.07.03 or later. For Panda Internet Security versions prior to 18.07.03, update to version 18.07.03 or later.