Vigil@nce - Panda AV, IS: buffer overflow of RKPavProc.sys
July 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
A local attacker can generate a buffer overflow in the Panda
RKPavProc.sys driver, in order to obtain system privileges.
Severity: 2/4
Creation date: 07/07/2010
DESCRIPTION OF THE VULNERABILITY
The Panda Antivirus and Panda Internet Security products install
the driver RKPavProc.sys to detect RootKits. This driver is
impacted by two vulnerabilities.
A local attacker can use the ioctl 0x1FA50004, in order to force
RKPavProc.sys to dereference a NULL pointer, which generates a
denial of service. [severity:1/4]
A local attacker can use the ioctl 0x1FA50010, in order to
generate a buffer overflow in RKPavProc.sys, which leads to code
execution with system privileges. [severity:2/4]
A local attacker can therefore generate a buffer overflow in the
Panda RKPavProc.sys driver, in order to obtain system privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Panda-AV-IS-buffer-overflow-of-RKPavProc-sys-9746