Panda Security cpoint.sys Kernel Memory Corruption

high Nessus Plugin ID 31462

Synopsis

The remote host contains an application that is affected by a kernel memory corruption vulnerability.

Description

A vulnerability in the 'Cpoint.sys' kernel driver shipped with Panda Antivirus+ Firewall 2008 and Panda Internet Security 2008 fails to sufficiently validate IOCTL requests before processing them. A local attacker may be able to leverage this issue to execute arbitrary code with kernel privileges or crash the system by causing a kernel panic.

Solution

Apply the appropriate hotfix as discussed in the vendor advisories above.

See Also

http://www.trapkit.de/advisories/TKADV2008-001.txt

https://seclists.org/bugtraq/2008/Mar/100

https://www.pandasecurity.com/usa/support/card?id=41231

https://www.pandasecurity.com/usa/support/card?id=41337

Plugin Details

Severity: High

ID: 31462

File Name: panda_av_fw_cpoint_sys_kernel_mem_corrupt.nasl

Version: 1.18

Type: local

Agent: windows

Family: Windows

Published: 3/13/2008

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:panda:panda_antivirus_and_firewall

Required KB Items: SMB/Registry/Enumerated, Antivirus/Panda/installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/7/2008

Reference Information

CVE: CVE-2008-1471

BID: 28150

CWE: 399

Secunia: 29311