Panda AdminSecure Communications Agent < 126.96.36.199 Directory Traversal
Critical Nessus Plugin ID 70683
Synopsis: The remote Windows host contains an application that is affected by a directory traversal vulnerability.
Description: The Panda AdminSecure Communications Agent software, which is used for centralized management of Panda Antivirus, is installed on the remote Windows host and contains a flaw in the handling of MESSAGE_FROM_REMOTE messages. The software does not properly sanitize input, so an attacker can craft a message that traverses outside of a restricted path. This may allow a remote attacker to overwrite arbitrary files and execute code remotely with SYSTEM privileges.
Solution: Upgrade to Panda AdminSecure hotfix 4_50_00_0032 or later and update all connected agents.