CVE-2014-5307

Heap-based buffer overflow in the PavTPK.sys kernel mode driver of Panda Security 2014 products before hft131306s24_r1 allows local users to gain privileges via a crafted argument to a 0x222008 IOCTL call.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:pandasecurity:panda_av_pro_2014:13.01.01:*:*:*:*:*:*:*
cpe:2.3:a:pandasecurity:panda_global_protection_2014:7.01.01:*:*:*:*:*:*:*
cpe:2.3:a:pandasecurity:panda_internet_security_2014:19.01.01:*:*:*:*:*:*:*

History

21 Nov 2024, 02:11

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/127948/Panda-Security-2014-Privilege-Escalation.html - () http://packetstormsecurity.com/files/127948/Panda-Security-2014-Privilege-Escalation.html -
References () http://seclists.org/fulldisclosure/2014/Aug/53 - () http://seclists.org/fulldisclosure/2014/Aug/53 -
References () http://www.securityfocus.com/archive/1/533182/100/0/threaded - () http://www.securityfocus.com/archive/1/533182/100/0/threaded -
References () http://www.securityfocus.com/bid/69293 - () http://www.securityfocus.com/bid/69293 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/95382 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/95382 -
References () https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5307/ - () https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5307/ -

Information

Published : 2014-08-26 14:55

Updated : 2024-11-21 02:11


NVD link : CVE-2014-5307

Mitre link : CVE-2014-5307

CVE.ORG link : CVE-2014-5307


JSON object : View

Products Affected

pandasecurity

  • panda_global_protection_2014
  • panda_av_pro_2014
  • panda_internet_security_2014
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer