Published: 2000-04-17 00:00:00
Revised: 2008-09-10 15:03:47

[Original text] Panda Security 3.0 with registry editing disabled allows users to edit the registry and gain privileges by directly executing a .reg file or using other methods.

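[CNNVD] Multiple vulnerabilities in Panda Security 3.0 (CNNVD-200004-041)

        Panda Security 3.0 with registry editing disabled contains a vulnerability: users can edit the registry and gain privileges by directly executing a .reg file or by other methods.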

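- CVSS (base score)

CVSS score: 2.1 [LOW]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]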

- CPE (affected platforms and products)


- OVAL (technical details for detection)


- Official database links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other links and resources
(UNKNOWN)  BUGTRAQ  20000417 bugs in Panda Security 3.0
(UNKNOWN)  BID  1119

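- Vulnerability information

Multiple vulnerabilities in Panda Security 3.0
Low severity  Access validation error
2000-04-17 00:00:00 2005-05-02 00:00:00
        Panda Security 3.0 with registry editing disabled contains a vulnerability: users can edit the registry and gain privileges by directly executing a .reg file or by other methods.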

- Advisories and patches

        Panda Software has released a patch which addresses this vulnerability:
        Panda Security 3.0

- Vulnerability information (19855)

Panda Security 3.0 Multiple Vulnerabilities (EDBID:19855)
windows local
2000-04-17 Verified

Panda Security is a user management application for Windows 9x. With it, certain functions can be prohibited for specific users.

One of the restrictive policies possible is to disable registry editing. However, even with this feature activated, any user can edit the registry by either executing a *.reg file or renaming and then executing regedit.exe. As the restriction settings for Panda are stored in the registry, this weakness negates the effectiveness of the rest of the Panda software.

In addition, users can uninstall Panda Security through the Add/Remove Programs applet in the Control Panel. An error message will appear when the user attempts to uninstall Panda Security. However, upon reboot, the application will have been successfully uninstalled.

- Vulnerability information

Panda Security Registry Editing Disable Option Bypass
Local Access Required Input Manipulation
Loss of Integrity Solution Unknown
Exploit Public Third-party Verified

- Vulnerability description

- Timeline

2000-04-17 Unknown
Unknown Unknown

- Solution

OSVDB is not aware of a solution for this vulnerability.

- Related references

- Vulnerability author

Unknown or Incomplete