10
CVSSv2

CVE-2019-12042

Published: 23/05/2019 Updated: 28/05/2019
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Insecure permissions of the section object Global\PandaDevicesAgentSharedMemory and the event Global\PandaDevicesAgentSharedMemoryChange in Panda products prior to 18.07.03 allow malicious users to queue an event (as an encrypted JSON string) to the system service AgentSvc.exe, which leads to privilege escalation when the CmdLineExecute event is queued. This affects Panda Antivirus, Panda Antivirus Pro, Panda Dome, Panda Global Protection, Panda Gold Protection, and Panda Internet Security.

Vulnerability Trend

Affected Products

Vendor Product Versions
PandasecurityPanda Gold Protection7.01.01

Github Repositories

Panda Antivirus - Local Privilege Escalation (CVE-2019-12042) This is the exploit for a vulnerability I found in Panda Antivirus leading to escalation of privileges to SYSTEM The affected products are : Versions < 180703 of Panda Dome, Panda Internet Security, Panda Antivirus Pro, Panda Global Protection, Panda Gold Protection, and old versions of Panda Antivirus &