Panda Security 3.0 的多个漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1105788 漏洞类型 访问验证错误
发布时间 2000-04-17 更新时间 2005-05-02
CVE编号 CVE-2000-0264 CNNVD-ID CNNVD-200004-041
漏洞平台 Windows CVSS评分 2.1
|漏洞来源
https://www.exploit-db.com/exploits/19855
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200004-041
|漏洞详情
未使能注册表编辑的PandaSecurity3.0存在漏洞,用户可以通过直接执行.reg文件或其他方法编辑注册表和获取特权。
|漏洞EXP
source: http://www.securityfocus.com/bid/1119/info

Panda Security is a user management application for Windows 9x. With it, certain functions can be prohibited for specific users.

One of the restrictive policies possible is to disable registry editing. However, even with this feature activated, any user can edit the registry by either executing a *.reg file or renaming and then executing regedit.exe. As the restriction settings for Panda are stored in the registry, this weakness negates the effectiveness of the rest of the Panda software.

In addition, users can uninstall Panda Security through the Add/Remove Programs applet in the Control Panel. An error message will appear when the user attempts to uninstall Panda Security. However upon reboot, the application will have been successfully uninstalled.

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/19855.zip
|参考资料

来源:updates.pandasoftware.com
链接:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip
来源:BUGTRAQ
名称:20000417bugsinPandaSecurity3.0
链接:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38FB45F2.550EA000@teleline.es
来源:BID
名称:1119
链接:http://www.securityfocus.com/bid/1119