CVE-2007-4191 - Vulnerability Details - OpenCVE

Panda Antivirus 2008 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying PAVSRV51.EXE or other unspecified files, a related issue to CVE-2006-4657.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Panda	Panda Antivirus

Configuration 1 [-]

cpe:2.3:a:panda:panda_antivirus:2008:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.spirityenterprise.com/mdr-for-endpoint
https://www.spirityenterprise.com/virtual-ciso
http://secunia.com/advisories/26336
http://securityreason.com/securityalert/2968
http://www.pandasecurity.com/homeusers/support/card?id=41111&idIdioma=2&ref=PAV08Dev
http://www.securityfocus.com/archive/1/475373/100/0/threaded
http://www.securityfocus.com/archive/1/480022/100/100/threaded
http://www.securityfocus.com/archive/1/480443/100/100/threaded
http://www.securityfocus.com/bid/25186
http://www.securitytracker.com/id?1018722
http://www.vupen.com/english/advisories/2007/2784
https://tiifp.org/tarkus/advisories/panda030707.txt

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-08-08T01:11:00.000Z

Updated: 2024-08-07T14:46:39.532Z

Reserved: 2007-08-07T00:00:00.000Z

Link: CVE-2007-4191

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-08-08T01:17:00.000

Modified: 2026-04-23T00:35:47.467

Link: CVE-2007-4191

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-08-02T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Panda Antivirus 2008 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying PAVSRV51.EXE or other unspecified files, a related issue to CVE-2006-4657."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20070919 RE: Panda Antivirus 2008 Local Privileg Escalation (UPS they did it again)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/480022/100/100/threaded"}, {"name": "26336", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26336"}, {"name": "20070924 RE: Re[2]: [Full-disclosure] Panda Antivirus 2008 Local Privileg Escalation (UPS they did it again)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/480443/100/100/threaded"}, {"name": "1018722", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018722"}, {"name": "25186", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25186"}, {"name": "20070802 Panda Antivirus 2008 Local Privileg Escalation (UPS they did it again)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/475373/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "https://tiifp.org/tarkus/advisories/panda030707.txt"}, {"name": "2968", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2968"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.pandasecurity.com/homeusers/support/card?id=41111&idIdioma=2&ref=PAV08Dev"}, {"name": "ADV-2007-2784", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2784"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4191", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Panda Antivirus 2008 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying PAVSRV51.EXE or other unspecified files, a related issue to CVE-2006-4657."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20070919 RE: Panda Antivirus 2008 Local Privileg Escalation (UPS they did it again)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/480022/100/100/threaded"}, {"name": "26336", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26336"}, {"name": "20070924 RE: Re[2]: [Full-disclosure] Panda Antivirus 2008 Local Privileg Escalation (UPS they did it again)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/480443/100/100/threaded"}, {"name": "1018722", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018722"}, {"name": "25186", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25186"}, {"name": "20070802 Panda Antivirus 2008 Local Privileg Escalation (UPS they did it again)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/475373/100/0/threaded"}, {"name": "https://tiifp.org/tarkus/advisories/panda030707.txt", "refsource": "MISC", "url": "https://tiifp.org/tarkus/advisories/panda030707.txt"}, {"name": "2968", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2968"}, {"name": "http://www.pandasecurity.com/homeusers/support/card?id=41111&idIdioma=2&ref=PAV08Dev", "refsource": "CONFIRM", "url": "http://www.pandasecurity.com/homeusers/support/card?id=41111&idIdioma=2&ref=PAV08Dev"}, {"name": "ADV-2007-2784", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2784"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:46:39.532Z"}, "title": "CVE Program Container", "references": [{"name": "20070919 RE: Panda Antivirus 2008 Local Privileg Escalation (UPS they did it again)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/480022/100/100/threaded"}, {"name": "26336", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26336"}, {"name": "20070924 RE: Re[2]: [Full-disclosure] Panda Antivirus 2008 Local Privileg Escalation (UPS they did it again)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/480443/100/100/threaded"}, {"name": "1018722", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1018722"}, {"name": "25186", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25186"}, {"name": "20070802 Panda Antivirus 2008 Local Privileg Escalation (UPS they did it again)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/475373/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://tiifp.org/tarkus/advisories/panda030707.txt"}, {"name": "2968", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2968"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.pandasecurity.com/homeusers/support/card?id=41111&idIdioma=2&ref=PAV08Dev"}, {"name": "ADV-2007-2784", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2784"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4191", "datePublished": "2007-08-08T01:11:00.000Z", "dateReserved": "2007-08-07T00:00:00.000Z", "dateUpdated": "2024-08-07T14:46:39.532Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:panda:panda_antivirus:2008:*:*:*:*:*:*:*", "matchCriteriaId": "A12B6714-7FD7-4EF7-A506-80D3C53DC2FB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Panda Antivirus 2008 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying PAVSRV51.EXE or other unspecified files, a related issue to CVE-2006-4657."}, {"lang": "es", "value": "Panda Antivirus 2008 almacena ejecutables de servicio bajo el directorio de instalaci\u00f3n del producto con permisos d\u00e9biles, lo cual permite a usuarios locales obtener privilegios LocalSystem modificando PAVSRV51.EXE u otros ficheros no especificados, un asunto similar a CVE-2006-4657."}], "id": "CVE-2007-4191", "lastModified": "2026-04-23T00:35:47.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-08-08T01:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/26336"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2968"}, {"source": "cve@mitre.org", "url": "http://www.pandasecurity.com/homeusers/support/card?id=41111&idIdioma=2&ref=PAV08Dev"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/475373/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/480022/100/100/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/480443/100/100/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/25186"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018722"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2784"}, {"source": "cve@mitre.org", "url": "https://tiifp.org/tarkus/advisories/panda030707.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26336"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2968"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.pandasecurity.com/homeusers/support/card?id=41111&idIdioma=2&ref=PAV08Dev"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/475373/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/480022/100/100/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/480443/100/100/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/25186"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018722"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2784"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://tiifp.org/tarkus/advisories/panda030707.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}