CVE-2009-4215

Published: Dec 7, 2009Modified: Apr 23, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

Panda Global Protection 2010, Internet Security 2010, and Antivirus Pro 2010 use weak permissions (Everyone: Full Control) for the product files, which allows local users to gain privileges by replacing executables with Trojan horse programs.

Affected (3)

Products: Pandasecurity: Panda Antivirus, Panda Global Protection, Panda Internet Security

Pandasecurity

3 products

Panda Antivirus

Panda Global Protection

Panda Internet Security

Configuration A

3 vulnerable · 4 platform

Vulnerable Software	Affected Versions
Pandasecurity Panda Antivirus	Version 2010
Pandasecurity Panda Global Protection	Version 2010
Pandasecurity Panda Internet Security	Version 2010

Running on/with	Platform Versions
Microsoft Windows 7	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Xp	All versions

Related CWEs

CWE-264

References (12)

http://secunia.com/advisories/37373

Source: cve@mitre.org

Vendor Advisory

http://www.pandasecurity.com/homeusers/support/card?id=80164&idIdioma=2

Source: cve@mitre.org

PatchVendor Advisory

http://www.securityfocus.com/archive/1/507811/100/0/threaded

Source: cve@mitre.org

http://www.securitytracker.com/id?1023121

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2009/3126

Source: cve@mitre.org

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/54268

Source: cve@mitre.org

http://secunia.com/advisories/37373