module

Panda Security PSEvents Privilege Escalation

Disclosed	Created
2016-06-27	2018-05-30

Disclosed

2016-06-27

Created

2018-05-30

Description

PSEvents.exe within several Panda Security products runs hourly with SYSTEM privileges.
When run, it checks a user writable folder for certain DLL files, and if any are found
they are automatically run.
Vulnerable Products:
Panda Global Protection 2016 (
Panda Antivirus Pro 2016 (
Panda Small Business Protection (
Panda Internet Security 2016 (

Authors

h00die mike@shorebreaksecurity.com
Security-Assessment.com

Platform

Windows

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:


    msf > use exploit/windows/local/panda_psevents
    msf exploit(panda_psevents) > show targets
        ...targets...
    msf exploit(panda_psevents) > set TARGET < target-id >
    msf exploit(panda_psevents) > show options
        ...show and set options...
    msf exploit(panda_psevents) > exploit

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today