CVE-2015-1438 – Arbitrary Code Execution [PSKMAD.sys] In Panda Security – Multiple Products

Posted by Portcullis Advisories on Jul 13

Vulnerability title: Arbitrary Code Execution [PSKMAD.sys] In Panda Security – Multiple Products
CVE: CVE-2015-1438
Vendor: Panda Security
Product: Multiple Products
Affected version: 1.0.0.13
Fixed version: 15.1.0
Reported by: Kyriakos Economou
Details:

Panda Kernel Memory Access Driver doesn’t validate the size of data to be copied to both an allocated kernel paged pool
buffer and to an allocated non-paged pool buffer. Furthermore, the…

Leave a Reply