A DLL hijacking vulnerability in Panda Security VPN for Windows prior to version v15.14.8 allows attackers to execute arbitrary code via placing a crafted DLL file in the same directory as PANDAVPN.exe.
References
Link | Resource |
---|---|
https://heegong.github.io/posts/Local-privilege-escalation-in-Panda-Dome-VPN-for-Windows-Installer/ | Exploit Technical Description Third Party Advisory |
https://www.pandasecurity.com/en/homeusers/vpn/ | Product |
https://www.pandasecurity.com/en/support/card?id=100080 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-07-13T00:00:00
Updated: 2023-07-13T00:00:00
Reserved: 2023-07-10T00:00:00
Link: CVE-2023-37849
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-07-13T22:15:09.110
Modified: 2023-07-27T14:50:09.963
Link: CVE-2023-37849
JSON object: View
Redhat Information
No data.
CWE