CVE-2014-5307 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Panda AV PRO 2014

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 81.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pandasecurity Panda AV PRO 2014 Pandasecurity Panda Global Protection 2014 Pandasecurity Panda Internet Security 2014

Timeline

PublishedAug 26

Latest updateMay 14

Description

Heap-based buffer overflow in the PavTPK.sys kernel mode driver of Panda Security 2014 products before hft131306s24_r1 allows local users to gain privileges via a crafted argument to a 0x222008 IOCTL call.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages3 packages

▶NVDpandasecurity/panda_av_pro_201413.01.01

▶NVDpandasecurity/panda_global_protection_20147.01.01

▶NVDpandasecurity/panda_internet_security_201419.01.01

🔴Vulnerability Details

GHSA

GHSA-h4qw-p9q8-p7jg: Heap-based buffer overflow in the PavTPK↗2022-05-14

▶

CVEList

CVE-2014-5307: Heap-based buffer overflow in the PavTPK↗2014-08-26

▶