Lucene search

[email protected]NVD:CVE-2015-1438

HistoryJul 25, 2017 - 6:29 p.m.

CVE-2015-1438

2017-07-2518:29:00

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

43.0%

JSON

Heap-based buffer overflow in Panda Security Kernel Memory Access Driver 1.0.0.13 allows attackers to execute arbitrary code with kernel privileges via a crafted size input for allocated kernel paged pool and allocated non-paged pool buffers.

Affected configurations

Nvd

Node

panda_securitypanda_antivirus_pro_2015Match1.0.0.13

panda_securitypanda_global_protection_2015Match1.0.0.13

panda_securitypanda_gold_protection_2015Match1.0.0.13

panda_securitypanda_internet_security_2015Match1.0.0.13

VendorProductVersionCPE
panda_securitypanda_antivirus_pro_20151.0.0.13cpe:2.3:a:panda_security:panda_antivirus_pro_2015:1.0.0.13:*:*:*:*:*:*:*
panda_securitypanda_global_protection_20151.0.0.13cpe:2.3:a:panda_security:panda_global_protection_2015:1.0.0.13:*:*:*:*:*:*:*
panda_securitypanda_gold_protection_20151.0.0.13cpe:2.3:a:panda_security:panda_gold_protection_2015:1.0.0.13:*:*:*:*:*:*:*
panda_securitypanda_internet_security_20151.0.0.13cpe:2.3:a:panda_security:panda_internet_security_2015:1.0.0.13:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
panda_security	panda_antivirus_pro_2015	1.0.0.13	cpe:2.3:a:panda_security:panda_antivirus_pro_2015:1.0.0.13:::::::*
panda_security	panda_global_protection_2015	1.0.0.13	cpe:2.3:a:panda_security:panda_global_protection_2015:1.0.0.13:::::::*
panda_security	panda_gold_protection_2015	1.0.0.13	cpe:2.3:a:panda_security:panda_gold_protection_2015:1.0.0.13:::::::*
panda_security	panda_internet_security_2015	1.0.0.13	cpe:2.3:a:panda_security:panda_internet_security_2015:1.0.0.13:::::::*

References

packetstormsecurity.com/files/132682/Panda-Security-1.0.0.13-Arbitrary-Code-Execution.html

seclists.org/fulldisclosure/2015/Jul/42

seclists.org/fulldisclosure/2015/Jul/61

www.securityfocus.com/bid/75715

tools.cisco.com/security/center/viewAlert.x?alertId=39908

www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-1438/

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

43.0%

JSON

Related for NVD:CVE-2015-1438

prion1 cve1 cvelist1 openvas1