Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-4191 — Antivirus vulnerability

4 documents4 sources

Severity

6.9MEDIUMNVD

CNA7.2

EPSS

0.1%

top 73.91%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Panda Antivirus

Timeline

PublishedAug 8

Latest updateMay 1

Description

Panda Antivirus 2008 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying PAVSRV51.EXE or other unspecified files, a related issue to CVE-2006-4657.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages1 packages

▶NVDpanda/panda_antivirus2008

🔴Vulnerability Details

GHSA

GHSA-vq93-37v2-76p4: Panda Antivirus 2008 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain L↗2022-05-01

▶

CVEList

CVE-2007-4191: Panda Antivirus 2008 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain L↗2007-08-08

▶

💥Exploits & PoCs

Exploit-DB

Panda AntiVirus 2008 - Local Privilege Escalation↗2007-08-05

▶